Who are you, and what company do you work for? I feel this is a scam. I will take this email to the police.
On Wed, Apr 28, 2021, 11:43 AM Jonas Schäfer <[email protected]> wrote:
> Hi fellow operators,
>
> TL;DR: STUN/TURN servers are vulnerable to abuse to facilitate reflected
> amplified DDoS attacks even with authentication enabled. Roll a few dice and
> choose a random port number for your STUN server for the better of the
> internet.
>
>
> DESCRIPTION
>
> With the advent of widespread A/V calling support in client connections, many
> of us have deployed STUN/TURN servers.
>
> Because of inherent flaws in the UDP, STUN and TURN protocols, STUN/TURN
> servers are easy to detect and to abuse in Distributed Denial of Service
> attacks.
>
> By using source IP address spoofing [1] and exploiting that UDP is
> connectionless, attackers can make the STUN server send traffic to arbitrary
> IP addresses via a reflected attack [2].
>
> In some cases, the response of the STUN server will also be larger than the
> request sent by the client, adding an amplification [3] factor to it.
>
> Unfortunately, the exploited behaviour is part of the normal operation of the
> STUN protocol. It also happens pre-auth, so adding authentication is not
> sufficient.
>
>
> MITIGATION
>
> In order to mitigate those attacks, the current recommendation we worked out
> is to randomize the port number of your STUN server. As XMPP allows clients to
> discover STUN servers including their port number (even via a secured
> channel), this is an easy measure.
>
> Make sure to pick the port number at random, and take care to also correctly
> configure the alternative STUN port number.
>
>
> Thanks,
> Jonas
>
> [1]: https://en.wikipedia.org/wiki/IP_address_spoofing
> [2]: https://en.wikipedia.org/wiki/Denial-of-service_attack#Reflected_/_spoofed_attack
> [3]: https://en.wikipedia.org/wiki/Denial-of-service_attack#Amplification
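As an added example (not part of Jonas's mail and not code from any STUN/TURN project he refers to), the Python script below does two operator-side things that the mail above describes: it estimates how much larger a minimal STUN Binding Success Response is than the 20-byte Binding Request that triggers it, using the RFC 5389 wire layout, and it draws a random primary port and a random, distinct alternate port so that both listeners are moved off the well-known numbers. Assumptions: the `listening-port` / `alt-listening-port` option names are coturn's, the 10000-60000 range is a deployment choice, and the size estimate covers only the XOR-MAPPED-ADDRESS attribute (a server that also adds attributes such as SOFTWARE produces a larger reply, which the `extra_attr_bytes` parameter models).

```python
import secrets

# Well-known STUN/TURN ports from RFC 5389 / RFC 5766 that scanners probe first.
# Randomized ports must avoid these (defaults listed here as an assumption of
# what is commonly probed, not as a complete list).
WELL_KNOWN_STUN_PORTS = {3478, 3479, 5349, 5350}

# STUN message sizes taken from the RFC 5389 wire layout.
STUN_HEADER_LEN = 20  # type(2) + length(2) + magic cookie(4) + transaction id(12)
ATTR_HEADER_LEN = 4   # attribute type(2) + attribute length(2)
# XOR-MAPPED-ADDRESS value: reserved(1) + family(1) + x-port(2) + x-address(4|16)
XOR_MAPPED_ADDRESS_VALUE_LEN = {"ipv4": 8, "ipv6": 20}


def amplification_factor(family="ipv4", extra_attr_bytes=0):
    """Bytes the server sends back per byte it receives for one Binding
    transaction. A Binding Request carries no attributes; the Success Response
    carries at least XOR-MAPPED-ADDRESS, plus whatever else the server adds."""
    request_len = STUN_HEADER_LEN
    response_len = (STUN_HEADER_LEN + ATTR_HEADER_LEN
                    + XOR_MAPPED_ADDRESS_VALUE_LEN[family] + extra_attr_bytes)
    return response_len / request_len


def pick_random_stun_ports(low=10000, high=60000):
    """Draw a primary and an alternate listening port from a CSPRNG (secrets),
    keeping them distinct and away from the well-known STUN/TURN ports.
    The range is an assumed deployment choice."""
    span = high - low + 1
    while True:
        primary = low + secrets.randbelow(span)
        alternate = low + secrets.randbelow(span)
        if (primary != alternate
                and primary not in WELL_KNOWN_STUN_PORTS
                and alternate not in WELL_KNOWN_STUN_PORTS):
            return primary, alternate


def coturn_listener_fragment(primary, alternate):
    """Render the two coturn options that bind the UDP/TCP listeners. Setting
    alt-listening-port explicitly is what the mail means by configuring the
    alternative STUN port; leaving it implicit would keep it predictable."""
    return (f"listening-port={primary}\n"
            f"alt-listening-port={alternate}\n")


if __name__ == "__main__":
    print(f"IPv4 minimal response: {amplification_factor('ipv4'):.2f}x request size")
    print(f"IPv6 minimal response: {amplification_factor('ipv6'):.2f}x request size")
    primary, alternate = pick_random_stun_ports()
    print(coturn_listener_fragment(primary, alternate), end="")
```

Run it once at deployment time and paste the printed fragment into turnserver.conf, then publish the chosen primary port through whatever XMPP discovery mechanism your server uses so clients still find it.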
