FBI warns of new DDoS attack vectors: CoAP, WS-DD, ARMS, and Jenkins

Like a lot of you, I’ve been using Jenkins for years. Time to think about it being used as an attack vector rather than convenient automation of the boring stuff…:

The Federal Bureau of Investigation sent an alert last week warning about the discovery of new network protocols that have been abused to launch large-scale distributed denial of service (DDoS) attacks.

The alert lists three network protocols and a web application as newly discovered DDoS attack vectors.

The list includes CoAP (Constrained Application Protocol), WS-DD (Web Services Dynamic Discovery), ARMS (Apple Remote Management Service), and the Jenkins web-based automation software.

Three of the four (CoAP, WS-DD, ARMS) have already been abused in the real-world to launch massive DDoS attacks, the FBI said based on ZDNet’s previous reporting.


Original article here