DDoS Attacks Bypassing Mitigation Solutions via the UPnP Protocol

Threat actors are circumventing DDoS (distributed denial-of-service) mitigation solutions by taking advantage of the Universal Plug and Play (UPnP) protocol to mask the source port of packets sent during a DDoS flood attack, according to DDoS mitigation firm Imperva. These attacks hide their source IPs using UPnP and then leverage DNS and NTP protocols during the DDoS flood. The NJCCIC recommends reviewing the Imperva report and disabling UPnP support for networks not using the feature.
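The following is an added example, not taken from the Imperva report or the NJCCIC advisory: it classifies UDP payloads as DNS or NTP responses from their headers rather than from the source port, which is the kind of check that still works when the source port has been masked. The header heuristics, function names and sample packets are assumptions constructed for illustration.

```python
import struct

WELL_KNOWN = {"dns": 53, "ntp": 123}

def is_dns_response(p: bytes) -> bool:
    """Heuristic: 12-byte DNS header, QR=1, standard query, sane counts."""
    if len(p) < 12:
        return False
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", p[:12])
    qr, opcode, z = flags >> 15, (flags >> 11) & 0xF, (flags >> 6) & 1
    return qr == 1 and opcode == 0 and z == 0 and qd == 1 and (an + ns + ar) >= 1

def is_ntp_response(p: bytes) -> bool:
    """Heuristic: NTP mode 4 (server reply) or mode 7 with the response bit."""
    if len(p) < 8:
        return False
    version, mode = (p[0] >> 3) & 0x7, p[0] & 0x7
    if not 1 <= version <= 4:
        return False
    if mode == 4:
        return len(p) >= 48
    if mode == 7:
        return bool(p[0] & 0x80)
    return False

def classify(src_port: int, payload: bytes):
    """Return (protocol or None, True if the source port is not the usual one)."""
    for proto, check in (("dns", is_dns_response), ("ntp", is_ntp_response)):
        if check(payload):
            return proto, src_port != WELL_KNOWN[proto]
    return None, False

# Constructed sample payloads (not captured traffic).
DNS_REPLY = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"
NTP_MODE7 = bytes([0xD7, 0x00, 0x03, 0x2A, 0x00, 0x01, 0x00, 0x48]) + bytes(72)
OTHER = b"hello world, not a reflection payload"
SAMPLES = [(53, DNS_REPLY), (48210, DNS_REPLY), (123, NTP_MODE7),
           (50917, NTP_MODE7), (40000, OTHER)]

def masked_flows(samples):
    """List (src_port, proto) for responses arriving from an unexpected port."""
    hits = []
    for port, payload in samples:
        proto, masked = classify(port, payload)
        if proto and masked:
            hits.append((port, proto))
    return hits

if __name__ == "__main__":
    print(masked_flows(SAMPLES))
```

A filter that only drops UDP traffic with source port 53 or 123 would pass the second and fourth samples; the payload check identifies both.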