Understanding the CoAP DDoS Attack Vector

New DDoS attacks appear every day, and CoAP is the latest. Their damage potential varies dramatically depending on many factors. It might be surprising to know that most of the time these attacks can be mitigated by existing defensive devices and mechanisms, and CoAP is no different.

CoAP is a protocol used by IoT devices and is similar in many ways to HTTP, except that it runs over UDP instead of TCP as the layer 4 protocol. Given the current state of IoT security, it's unsurprising that this protocol has vulnerabilities that can be exploited by malicious actors.

When it comes to DDoS, CoAP turns IoT devices into an amplification surface, meaning an attacker can use vulnerable devices to generate a bigger attack with greater ease. That sounds scary, but if you look at how such an attack will affect your environment, you can see that:
  1. The attack is made of a large quantity of UDP packets.
  2. Those packets can contain a fair amount of data.
  3. Most non-IoT devices will not know how to process this data, effectively making it into a UDP Garbage Flood.

You might have figured it out already, but a CoAP flood is little more than a hyped-up UDP Garbage Flood. Most importantly, any mitigation device correctly configured to handle UDP Garbage Floods should have no issues mitigating a CoAP flood.
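As an added illustration (not code from the original post), the Python sketch below shows how a defender could recognise reflected CoAP responses among inbound UDP traffic by parsing the 4-byte fixed header defined in RFC 7252 and counting hits per source. The default port 5683 and the header layout come from the RFC; the function names, the assumption that the protected host runs no CoAP client of its own, and the sample packets are constructed for this example.

```python
import struct
from collections import Counter

COAP_PORT = 5683  # default CoAP UDP port (RFC 7252)
TYPES = {0: "CON", 1: "NON", 2: "ACK", 3: "RST"}

def parse_coap_header(payload: bytes):
    """Parse the 4-byte fixed CoAP header; return None if the payload is not plausible CoAP."""
    if len(payload) < 4:
        return None
    first, code, msg_id = struct.unpack("!BBH", payload[:4])
    version, mtype, tkl = first >> 6, (first >> 4) & 0x3, first & 0xF
    if version != 1 or tkl > 8 or len(payload) < 4 + tkl:
        return None  # wrong version, reserved token length, or truncated token
    return {"type": TYPES[mtype], "class": code >> 5, "detail": code & 0x1F,
            "msg_id": msg_id, "token": payload[4:4 + tkl]}

def is_reflected_response(src_port: int, payload: bytes) -> bool:
    """True for a CoAP response (code class 2, 4 or 5) sent from the CoAP port."""
    hdr = parse_coap_header(payload)
    return src_port == COAP_PORT and hdr is not None and hdr["class"] in (2, 4, 5)

def summarize(packets):
    """Count unsolicited CoAP responses and bytes per source for (src_ip, src_port, payload) tuples."""
    hits, volume = Counter(), Counter()
    for src_ip, src_port, payload in packets:
        if is_reflected_response(src_port, payload):
            hits[src_ip] += 1
            volume[src_ip] += len(payload)
    return hits, volume

# Constructed sample traffic (documentation-range addresses, hand-built payloads).
RESP = bytes([0x62, 0x45, 0x12, 0x34, 0xAB, 0xCD, 0xFF]) + b'</sensors/temp>;rt="temperature"'
SAMPLE = [
    ("198.51.100.7", 5683, RESP),                             # ACK 2.05 Content
    ("198.51.100.7", 5683, RESP),
    ("203.0.113.9", 5683, RESP),
    ("192.0.2.10", 40000, bytes([0x40, 0x01, 0x00, 0x01])),   # GET request, not a response
    ("192.0.2.11", 5683, b"\x00\x00\x00\x00junk"),            # version 0: not CoAP
    ("192.0.2.12", 53, RESP),                                 # wrong source port
]

if __name__ == "__main__":
    hits, volume = summarize(SAMPLE)
    for ip, count in hits.most_common():
        print(f"{ip}: {count} unsolicited CoAP responses, {volume[ip]} bytes")
```

The header check is a heuristic: random UDP payloads can occasionally pass it, so the per-source counts are best used to confirm what a flood consists of rather than as the sole filtering rule.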

So, bottom line: CoAP is an easy way for attackers to generate a large UDP DDoS attack, but if you've already verified that your DDoS mitigation blocks UDP attack traffic, you should have nothing to worry about.


About Yotam Alon

Yotam is the Dev Lead at MazeBolt and is in charge of all R&D activities, infrastructure and security. With five years in the security industry, Yotam brings fresh perspectives and insights into current technologies and development flows. He holds a BSc. in mathematics and philosophy and enjoys hitting the archery range in his spare time.