Knowledgebase Article

Security Advisory: Sentinel reflection DDoS


Description
A new variant of an amplification DDoS attack, known as Sentinel reflection, has been observed in the wild. Sentinel reflection is a vulnerability in the SPSS license server, a well-known statistical software package from IBM.
The SPSS license server service runs on port 5093, with traffic sent to a random destination port. The script uses the UDP request ‘7A 00 00 00 00 00’, which is the letter “z” followed by five null characters.
Because UDP does not validate source IP addresses, attackers can forge source IP addresses and exploit the license server to divert UDP responses to a victim’s systems.
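For operators of a license server, the following added example (not part of the advisory) shows one way to spot this pattern in captured datagrams: it counts exact matches of the 6-byte request on port 5093 per claimed source and compares reply bytes to request bytes. It assumes replies leave from source port 5093; the addresses, payload sizes and thresholds are constructed for illustration.

```python
from collections import defaultdict

SENTINEL_PORT = 5093                   # license server port named in the advisory
PROBE = bytes.fromhex("7A0000000000")  # "z" + five null bytes, as quoted in the advisory

# Constructed sample datagrams: (src_ip, src_port, dst_ip, dst_port, payload).
# Reply sizes are made up; they are not a measured amplification factor.
SAMPLE = [
    ("198.51.100.7", 40112, "192.0.2.10", 5093, PROBE),
    ("198.51.100.7", 40113, "192.0.2.10", 5093, PROBE),
    ("192.0.2.10", 5093, "198.51.100.7", 40112, b"\x00" * 1400),
    ("192.0.2.10", 5093, "198.51.100.7", 40113, b"\x00" * 1400),
    ("203.0.113.5", 51000, "192.0.2.10", 5093, b"licensed-client-hello"),
    ("192.0.2.10", 5093, "203.0.113.5", 51000, b"ok"),
]

def reflection_report(datagrams, server_ip, min_probes=2, min_ratio=10.0):
    """Return {claimed_source: stats} for sources whose traffic looks reflected.

    A source is flagged when at least min_probes exact PROBE payloads arrived
    for server_ip:5093 in its name and the server's replies to it are at least
    min_ratio times larger than what it sent. Thresholds are assumptions to
    tune per site. A flagged address is the likely victim, not the sender,
    because the source address of a UDP datagram can be forged.
    """
    stats = defaultdict(lambda: {"probes": 0, "bytes_in": 0, "bytes_out": 0})
    for src, sport, dst, dport, payload in datagrams:
        if dst == server_ip and dport == SENTINEL_PORT:
            entry = stats[src]
            entry["bytes_in"] += len(payload)
            if payload == PROBE:
                entry["probes"] += 1
        elif src == server_ip and sport == SENTINEL_PORT:
            stats[dst]["bytes_out"] += len(payload)
    flagged = {}
    for ip, s in stats.items():
        ratio = s["bytes_out"] / s["bytes_in"] if s["bytes_in"] else float("inf")
        if s["probes"] >= min_probes and ratio >= min_ratio:
            flagged[ip] = {**s, "ratio": round(ratio, 1)}
    return flagged

if __name__ == "__main__":
    for ip, s in reflection_report(SAMPLE, "192.0.2.10").items():
        print(ip, s)
```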
Impact
For more information on risk and mitigation, read the Sentinel reflection DDoS Security Advisory.