Understanding the CoAP DDoS Attack Vector

There are new DDoS attacks every day, and CoAP is the latest. Their damage potential changes dramatically, based on many factors. It might be surprising to know that most of the time these attacks can be mitigated by existing defensive devices and mechanisms, and CoAP is no different.


CoAP is a protocol used by IoT devices, and is similar in a lot of ways to HTTP, except it rests upon UDP instead of TCP as the layer 4 protocol. Given the current state of IoT security, it's unsurprising that this protocol has vulnerabilities that can be exploited by malicious actors.

When it comes to DDoS, CoAP turns IoT devices into an amplification surface, meaning an attacker can use vulnerable devices to generate a bigger attack with greater ease. That sounds scary, but if you look at how such an attack will affect your environment, you can see that:

  1. The attack is made of a large quantity of UDP packets.
  2. Those packets can contain a fair amount of data.
  3. Most non-IoT devices will not know how to process this data, effectively making it into a UDP Garbage Flood.

You might have figured it out already, but a CoAP flood is little more than a hyped-up UDP Garbage Flood. Most importantly, any mitigation device correctly configured to handle UDP Garbage floods should have no issues mitigating a CoAP flood.
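To see what that traffic looks like from the receiving side, here is an added example (not from the original post) that parses the CoAP fixed header defined in RFC 7252 and counts unsolicited CoAP responses per destination. It assumes the monitored hosts never send CoAP requests themselves; the function names, the packet tuples, and the threshold are constructed for illustration.

```python
import struct
from collections import defaultdict

COAP_PORT = 5683  # default CoAP UDP port (RFC 7252)

def parse_coap_header(payload: bytes):
    """Parse the 4-byte CoAP fixed header; return None if the payload is not CoAP-shaped."""
    if len(payload) < 4:
        return None
    first, code, msg_id = struct.unpack("!BBH", payload[:4])
    version, msg_type, token_len = first >> 6, (first >> 4) & 0x3, first & 0xF
    # RFC 7252: version must be 1 and the token length 0-8 bytes
    if version != 1 or token_len > 8 or len(payload) < 4 + token_len:
        return None
    return msg_type, code >> 5, code & 0x1F, msg_id

def is_coap_response(payload: bytes) -> bool:
    hdr = parse_coap_header(payload)
    return hdr is not None and hdr[1] in (2, 4, 5)  # code classes 2.xx, 4.xx, 5.xx

def find_reflection_targets(packets, min_packets=3):
    """packets: iterable of (src_ip, src_port, dst_ip, udp_payload).
    Assumes the monitored hosts never send CoAP requests, so every CoAP
    response arriving from port 5683 is unsolicited reflection traffic."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "reflectors": set()})
    for src_ip, src_port, dst_ip, payload in packets:
        if src_port == COAP_PORT and is_coap_response(payload):
            entry = stats[dst_ip]
            entry["packets"] += 1
            entry["bytes"] += len(payload)
            entry["reflectors"].add(src_ip)
    return {dst: {"packets": s["packets"], "bytes": s["bytes"],
                  "reflectors": len(s["reflectors"])}
            for dst, s in stats.items() if s["packets"] >= min_packets}

# Constructed sample traffic (documentation address ranges, not real captures).
RESPONSE = bytes([0x60, 0x45, 0x12, 0x34, 0xFF]) + b"A" * 200  # ACK, 2.05 Content
REQUEST = bytes([0x40, 0x01, 0x00, 0x01])                       # CON, 0.01 GET
SAMPLE = [
    ("192.0.2.1", 5683, "203.0.113.10", RESPONSE),
    ("192.0.2.2", 5683, "203.0.113.10", RESPONSE),
    ("198.51.100.7", 5683, "203.0.113.10", RESPONSE),
    ("192.0.2.1", 5683, "203.0.113.20", RESPONSE),      # below threshold
    ("192.0.2.3", 5683, "203.0.113.10", b"\x00" * 64),  # not CoAP-shaped
    ("192.0.2.4", 53, "203.0.113.10", RESPONSE),        # wrong source port
    ("192.0.2.5", 5683, "203.0.113.10", REQUEST),       # request, not a response
]

if __name__ == "__main__":
    print(find_reflection_targets(SAMPLE))
```

A host that does not speak CoAP has no use for any of these packets, which is why the same volumetric UDP controls apply.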

So bottom line – CoAP is an easy way for attackers to generate a large UDP DDoS attack, but if you’ve already verified that your DDoS mitigation blocks UDP attack traffic, you should have nothing to worry about.

Not that sure?

Learn more about testing your environment against the most common DDoS Attack vectors here.

 
