13 Jul '15, 4pm
#Akamai warns of increasing DDoS attacks using abandoned RIPv1 protocol. #stateofinternet
Akamai finds it puzzling that RIPv1 has re-emerged after more than a year of dormancy. The first version of RIP protocol was introduced in 1988, more than 25 years ago under RFC1058. It’s obvious that attackers are exploiting their familiarity with this presumed abandoned DDoS reflection vector. Leveraging the behaviour of RIPv1 to launch a DDoS reflection attack is apparently quite simple for an attacker. The attacker can easily send a normal broadcast query with a malicious query as a unicast request, directly to the reflector. The IP can then be spoofed to match the intended attack target.