randombit/botan

DTLS server can be used as network traffic reflector/amplifier for DDoS attacks

cve-reporting opened this issue · 2 comments

The Botan DTLS server in versions 2.9.0 and 2.8.0 (and probably earlier ones) can be used to perform Distributed Denial of Service attacks as a network amplifier with spoofing of the source IP address.

After receiving a DTLS v1.2 Client Hello message (197 bytes long), the Botan DTLS server responds with 6 DTLS v1.2 packets:

  1. DTLS Alert (warning, unrecognized_name) - 15 bytes,
  2. Server Hello - 110 bytes,
  3. Certificate - 1022 bytes,
  4. Server Key Exchange - 1085 bytes,
  5. Server Key Exchange - 1083 bytes,
  6. Server Hello Done - 25 bytes.

Together, all response packets are 3340 bytes, which gives a 1595% amplification factor (calculated as: output/input - 1).
The server responds to the IP address from the first packet without getting any concurrent response from the client, so this request can be used for Distributed Denial of Service.

In case the destination (spoofed) client sends ICMP Host Unreachable to any responses, another set of packets is sent:

  1. DTLS Alert (Warning, Unrecognized name) - 15 bytes,
  2. Server Hello - 110 bytes,
  3. Certificate - 1022 bytes,
  4. DTLS Alert (Fatal, Internal Error) - 15 bytes.

Together, all response packets are 1162 bytes, which gives a 490% amplification factor, which is still enough to perform DDoS attacks.

A script that can be used to reproduce this issue was delivered to Jack Lloyd via encrypted email.

We need to implement hello verify request on the server side; currently it is only done on the client side.

@randombit Do you agree to register this issue in the CVE database as a vulnerability?
As this is not a mandatory feature for all DTLS implementations.
However, if Botan is intended as a versatile "all-purpose" DTLS server, it should have this mechanism.
Otherwise, this should be marked in the Botan documentation as a limitation and a security usage recommendation.
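
The hello verify request mentioned in the thread is the stateless cookie exchange of RFC 6347, section 4.2.1. The Python model below is an added example, not Botan code and not the reporter's script: it uses the packet sizes from the report, while the function names, the cookie input encoding, the 32-byte HMAC-SHA256 cookie and the sample addresses are assumptions.

```python
import hashlib
import hmac
import os

# Sizes reported in the issue (bytes).
CLIENT_HELLO = 197
FULL_FLIGHT = [15, 110, 1022, 1085, 1083, 25]  # reply sent without a cookie exchange

SECRET = os.urandom(32)  # server-wide secret (assumption: rotated periodically)
COOKIE_LEN = 32          # HMAC-SHA256 output length
# DTLS record header (13) + handshake header (12) + server_version (2)
# + cookie length byte (1) + cookie
HELLO_VERIFY_REQUEST = 13 + 12 + 2 + 1 + COOKIE_LEN


def make_cookie(secret, src_ip, src_port, client_params):
    """Cookie = HMAC(secret, client address, ClientHello parameters).

    The server keeps no per-client state; it recomputes the cookie on every hello.
    """
    msg = src_ip.encode() + b"|" + str(src_port).encode() + b"|" + client_params
    return hmac.new(secret, msg, hashlib.sha256).digest()


def respond(src_ip, src_port, client_params, cookie=b"", secret=SECRET):
    """Return the datagram sizes the server sends to (src_ip, src_port)."""
    expected = make_cookie(secret, src_ip, src_port, client_params)
    if hmac.compare_digest(cookie, expected):
        return FULL_FLIGHT          # sender proved it receives traffic at this address
    return [HELLO_VERIFY_REQUEST]   # unverified source gets only the small cookie message


def amplification(sent, received):
    """Formula used in the issue: output/input - 1, as a percentage."""
    return (sum(sent) / received - 1) * 100


if __name__ == "__main__":
    params = b"constructed-client-hello-params"   # constructed sample input
    victim = ("198.51.100.7", 4433)                # documentation-range address
    print("no cookie exchange: %.0f%%" % amplification(FULL_FLIGHT, CLIENT_HELLO))
    first = respond(*victim, params)
    print("with cookie exchange, unverified hello: %.0f%%"
          % amplification(first, CLIENT_HELLO))
    # A cookie issued for another address does not verify for the victim's address.
    other = make_cookie(SECRET, "203.0.113.9", 5000, params)
    print("foreign cookie accepted:", respond(*victim, params, other) == FULL_FLIGHT)
```

With the exchange in place, the reply to an unverified Client Hello is smaller than the request, so the amplification factor by the issue's formula becomes negative.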