Trade Law Daily is a service of Warren Communications News.

A report by the Broadband Internet Technical Advisory Group identifies...

A report by the Broadband Internet Technical Advisory Group identifies vulnerabilities in devices that make them susceptible to Simple Network Management Protocol (SNMP) distributed denial-of-service attacks and recommends ways to mitigate them. It highlights shortcomings in device management and network configuration. The report, which is BITAG’s third review, explains how the devices are exploited and the implications and concerns around the attacks (http://xrl.us/bni2bo). The group includes Google, Microsoft, the Center for Democracy & Technology, Public Knowledge, Disney, Viacom, Cisco and AT&T, among other application providers, public interest groups, content providers, equipment makers and ISPs.

ISPs began monitoring “large-scale SNMP reflection attacks where subscriber devices can be used unwittingly to generate significant and sustained levels of traffic, targeted against other networks or sites,” the report said. Several conditions allowing such attacks “exist on many types [of] networks, regardless of access network technology ... and regardless of geographic location.” Some conditions include networks that don’t perform ingress filtering, networks with hosts “that are infected with malware, and are under the control of bot networks” and some home gateway devices that are shipped with SNMP turned on by default, it said.

BITAG identified initiation, distribution, reflection and amplification as steps taken by attackers to conduct the attacks. The SNMP response is larger than the SNMP query sent by the bot network, it said: The bot network “is able to amplify the amount of data directed at the attack target, compared to a smaller amount of data sent by the bot network.” BITAG cautioned against blocking all traffic destined for the attack target: This “prevents legitimate end user access to the target’s IP addresses.” Temporarily blocking traffic destined to shared cloud-based services and hosting services “can have a potentially significant impact on legitimate traffic that is not part of the attack,” it added.
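The reflection and amplification steps described above leave a recognizable pattern in an ISP's flow records. The following is an added example, not taken from the BITAG report or this article: it flags subscriber devices whose SNMP replies to one peer far outweigh the queries that claimed to come from that peer. The flow tuple layout, the thresholds and the addresses (RFC 5737 documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict

SNMP_PORT = 161  # UDP port on which SNMP agents answer queries

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    # Queries whose source address claims to be 203.0.113.50 (the attack target)
    ("203.0.113.50", 40000, "198.51.100.10", 161, 800),
    ("203.0.113.50", 40001, "198.51.100.11", 161, 1000),
    # Much larger replies sent by the home gateways to the target
    ("198.51.100.10", 161, "203.0.113.50", 40000, 24000),
    ("198.51.100.11", 161, "203.0.113.50", 40001, 15000),
    # Routine polling by a management station: small, balanced exchange
    ("192.0.2.5", 50000, "198.51.100.12", 161, 4000),
    ("198.51.100.12", 161, "192.0.2.5", 50000, 6000),
    # Legitimate web traffic to the target; it must not be swept up
    ("198.51.100.20", 51000, "203.0.113.50", 443, 5000),
]


def snmp_reflection_report(flows, min_factor=5.0, min_reply_bytes=10_000):
    """Return {target_ip: {device_ip: amplification_factor}} for suspect devices."""
    queries = defaultdict(int)  # (device, peer) -> bytes sent to the device's UDP/161
    replies = defaultdict(int)  # (device, peer) -> bytes sent from the device's UDP/161
    for src, sport, dst, dport, nbytes in flows:
        if dport == SNMP_PORT:
            queries[(dst, src)] += nbytes
        elif sport == SNMP_PORT:
            replies[(src, dst)] += nbytes

    report = defaultdict(dict)
    for (device, peer), out_bytes in replies.items():
        in_bytes = queries.get((device, peer), 0)
        # Replies with no visible query are treated as unbounded amplification.
        factor = out_bytes / in_bytes if in_bytes else float("inf")
        if out_bytes >= min_reply_bytes and factor >= min_factor:
            report[peer][device] = round(factor, 1)
    return dict(report)


if __name__ == "__main__":
    for target, devices in snmp_reflection_report(FLOWS).items():
        print(f"target {target}: {len(devices)} reflecting device(s) {devices}")
```

Because the report keys on traffic sourced from UDP port 161, the web flow to the same target is left out, in line with BITAG's caution against blocking all traffic destined for the attack target.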