Security Firm Observes New C-LDAP DDoS Attack Vector

Since October 2016, the content delivery and cloud services provider Akamai Networks has detected and mitigated at least 50 distributed denial-of-service (DDoS) attacks carried out using a new attack method. Attackers are abusing Connectionless Lightweight Directory Access Protocol (C-LDAP)—used by many organizations for directory services, such as accessing credentials—to enable and amplify DDoS attacks. This technique is especially dangerous because of the degree of amplification that can be achieved when abusing internet-exposed C-LDAP services. The attacks observed thus far range from 1 gigabit per second (Gbps) to 24 Gbps, enough to bring smaller websites offline and potentially cause latency issues on others. As with many other reflection and amplification attack vectors, this method would not be successful if proper ingress filtering were in place. More information is available in this Akamai Threat Advisory.
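On the receiving end, reflected C-LDAP traffic appears as large UDP replies from many directory servers that the target never queried. The following detection sketch is an added example, not code from Akamai or the advisory. It assumes flow records in a constructed tuple format, the standard C-LDAP port (UDP 389), and illustrative thresholds.

```python
from collections import defaultdict

CLDAP_PORT = 389  # C-LDAP is served over UDP port 389

# Constructed sample flow records (documentation address ranges):
# (ts_seconds, proto, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    (0, "udp", "192.0.2.10", 40000, "198.51.100.5", 389, 90),    # our host queries a directory
    (0, "udp", "198.51.100.5", 389, "192.0.2.10", 40000, 2900),  # solicited reply to that query
    (1, "udp", "203.0.113.7", 389, "192.0.2.80", 51234, 1_450_000),
    (1, "udp", "203.0.113.8", 389, "192.0.2.80", 1025, 1_500_000),
    (1, "udp", "203.0.113.9", 389, "192.0.2.80", 33000, 1_480_000),
    (2, "tcp", "203.0.113.7", 389, "192.0.2.80", 51000, 5000),   # LDAP over TCP, not C-LDAP
]


def find_cldap_reflection(flows, min_sources=3, min_bytes=1_000_000):
    """Return {target_ip: (reflector_count, total_bytes)} for unsolicited C-LDAP replies.

    min_sources and min_bytes are illustrative thresholds (assumptions), to be
    tuned against normal directory traffic on the monitored network.
    """
    # Pass 1: record every (client, server) pair where a client sent a C-LDAP query.
    requested = set()
    for _ts, proto, src, _sport, dst, dport, _nbytes in flows:
        if proto == "udp" and dport == CLDAP_PORT:
            requested.add((src, dst))

    # Pass 2: collect UDP replies from port 389 that no local query explains.
    reflectors = defaultdict(set)
    volume = defaultdict(int)
    for _ts, proto, src, sport, dst, _dport, nbytes in flows:
        if proto != "udp" or sport != CLDAP_PORT:
            continue
        if (dst, src) in requested:
            continue  # legitimate answer to a query this host sent
        reflectors[dst].add(src)
        volume[dst] += nbytes

    # Flag only targets hit by several distinct servers with significant volume.
    return {
        target: (len(reflectors[target]), volume[target])
        for target in volume
        if len(reflectors[target]) >= min_sources and volume[target] >= min_bytes
    }


if __name__ == "__main__":
    for target, (count, total) in find_cldap_reflection(SAMPLE_FLOWS).items():
        print(f"{target}: {count} unsolicited C-LDAP sources, {total} bytes")
```

Most networks have no reason to accept C-LDAP replies from the internet at all, so the same match (inbound UDP with source port 389) can be dropped at the edge.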