Win-DDoS abuses a flaw in the Windows LDAP client code to turn thousands of publicly reachable domain controllers (DCs) into a botnet. The researchers found that an attacker can manipulate the LDAP referral process so that DCs are pointed at a victim server, which then absorbs a distributed denial-of-service (DDoS) flood. The attack requires neither code execution on the DCs nor any credentials, so the Windows platform becomes both the victim and the weapon: the attacker sends RPC calls to the DCs, which causes them to issue LDAP queries whose referrals ultimately direct the DCs' traffic at the target and overwhelm it.
"As we explored the intricacies of the Windows LDAP client code, we discovered a significant flaw that allowed us to manipulate the URL referral process to point DCs at a victim server to overwhelm it," Yair and Morag said in a report shared with The Hacker News.
"As a result, we were able to create Win-DDoS, a technique that would enable an attacker to harness the power of tens of thousands of public DCs around the world to create a malicious botnet with vast resources and upload rates. All without purchasing anything and without leaving a traceable footprint."
"Once the TCP connection is aborted, the DCs continue to the next referral on the list, which points to the same server again," the researchers said.
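The referral-chasing behaviour the researchers describe can be modelled in a few lines. The following is an added illustration, not SafeBreach's or Microsoft's code: it parses LDAP referral URLs and walks a referral list two ways, first the way the text describes (every aborted connection simply moves on to the next entry, even when that entry names the same host), then with the two checks a hardened client would apply (skip a target already tried in this chain, and cap the number of hops). The hostnames, the 10,000-entry referral list and the always-aborting connect function are constructed for the example.

```python
"""Model of LDAP referral following, added as an illustration (not the Windows LDAP client's code).

Assumptions (constructed for this example): referral entries are LDAP URLs, the victim host
resets every TCP connection, and the attacker's referral response lists the victim repeatedly.
"""
from urllib.parse import urlsplit


def parse_referral(url):
    """Return (host, port) from an LDAP URL such as ldap://dc.example.com:389/dc=example,dc=com."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP URL: {url}")
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    return parts.hostname, port


def follow_referrals_naive(referrals, connect):
    """Walk the referral list as described in the text: after each aborted connection move to the
    next entry, even if it names the same host. Returns the list of (host, port) attempts made."""
    attempts = []
    for url in referrals:
        target = parse_referral(url)
        attempts.append(target)
        if connect(*target):  # a successful connection ends the chase
            break
    return attempts


def follow_referrals_guarded(referrals, connect, max_hops=3):
    """Same walk with two checks: never retry a target already tried in this chain, and stop after
    max_hops attempts no matter how long the referral list is."""
    attempts = []
    seen = set()
    for url in referrals:
        if len(attempts) >= max_hops:
            break
        target = parse_referral(url)
        if target in seen:  # duplicate referral to a host that already aborted us: skip it
            continue
        seen.add(target)
        attempts.append(target)
        if connect(*target):
            break
    return attempts


# Constructed sample: an attacker-controlled referral response naming the same victim 10,000 times.
VICTIM_REFERRALS = ["ldap://victim.example.net:389/dc=example,dc=net"] * 10000


def aborted_connection(host, port):
    """Stand-in for a victim that aborts every TCP connection; never succeeds."""
    return False


if __name__ == "__main__":
    naive = follow_referrals_naive(VICTIM_REFERRALS, aborted_connection)
    guarded = follow_referrals_guarded(VICTIM_REFERRALS, aborted_connection)
    print(f"naive client made {len(naive)} connection attempts to the victim")
    print(f"guarded client made {len(guarded)} connection attempt(s)")
```

The naive walk makes one connection attempt per referral entry, so the attacker's upload of a single long referral list is amplified into thousands of connections from each DC; with the duplicate and hop-count checks the same list yields a single attempt.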