A widely used VPN service is being used to stage distributed denial-of-service (DDoS) attacks against websites, ZDNet reported earlier this week.
The attacks seem to be related to a flaw in VyprVPN and a related online service, Outfox, that guarantees network speed and reliability to online gamers. Details of the flaw were posted on the online code-sharing website GitHub last week.
Both VyprVPN and Outfox are owned and operated by Powerhouse Management, a Texas company that also runs Golden Frog, a Switzerland-based firm that presents itself as the owner and operator of VyprVPN and Outfox.
“Powerhouse Management products — either Outfox (a latency reduction VPN service) or VyprVPN (a general vpn service) are exposing an interesting port — port 20811 which provides a massive data and packet amplification factor when probed with any single byte request,” wrote pseudonymous security researcher Phenomite in a GitHub post Feb. 16.
“Not only does this mean Powerhouse servers can be used as a DDoS amplification source, but reveals all servers around the world that are running such potential VPN services — which removes the privacy factor somewhat.”
Phenomite said the Powerhouse servers allowed for a packet-amplification factor of about 40 times the input, drastically increasing the amount of data that an attacker could direct at a target website. For multi-packet attacks, Phenomite wrote, the amplification factor was about 366 times the input.
The researcher said he could detect about 1,500 Powerhouse-associated servers worldwide that could be exploited using this method.
All this would allow a relatively small botnet to launch potentially large DDoS attacks against well-defended websites. DDoS attacks try to knock a web server offline by bombarding it with massive amounts of useless data and impossible requests.
The attacks would be assisted by the fact that the Powerhouse server port in question handles User Datagram Protocol (UDP) traffic, which is connectionless and lets a server answer a packet without first confirming where it came from, rather than Transmission Control Protocol (TCP) traffic, which requires a handshake and is used to transmit most website information.
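Network defenders can look for this pattern in flow records. The sketch below is an added example, not code from the article or from Phenomite's post: it flags servers whose UDP replies from port 20811 far outweigh the requests they received. The flow-record layout, the sample records and the 10x alert threshold are assumptions made for illustration.

```python
from collections import defaultdict

SERVICE_PORT = 20811   # UDP port named in the article
MIN_FACTOR = 10.0      # assumed alert threshold, not a figure from the article

# Constructed sample flow records using documentation address ranges:
# (protocol, src_ip, src_port, dst_ip, dst_port, packets, bytes)
SAMPLE_FLOWS = [
    ("udp", "198.51.100.7", 40001, "203.0.113.10", 20811, 1, 29),
    ("udp", "203.0.113.10", 20811, "198.51.100.7", 40001, 9, 1160),
    ("udp", "198.51.100.8", 40002, "203.0.113.11", 20811, 4, 480),
    ("udp", "203.0.113.11", 20811, "198.51.100.8", 40002, 4, 512),
    # Victim-side view: replies arrive, the spoofed request was never seen here.
    ("udp", "203.0.113.13", 20811, "192.0.2.50", 443, 300, 420000),
    ("udp", "198.51.100.9", 53000, "203.0.113.12", 53, 1, 60),
    ("tcp", "198.51.100.7", 40003, "203.0.113.10", 20811, 3, 180),
]


def find_reflectors(flows, port=SERVICE_PORT, min_factor=MIN_FACTOR):
    """Return {server_ip: (bytes_in, bytes_out, factor)} for servers whose
    UDP replies from `port` outweigh the requests observed toward them."""
    bytes_in = defaultdict(int)
    bytes_out = defaultdict(int)
    for proto, src, sport, dst, dport, _pkts, nbytes in flows:
        if proto != "udp":
            continue                      # the article's port speaks UDP only
        if dport == port:
            bytes_in[dst] += nbytes       # request toward the service
        elif sport == port:
            bytes_out[src] += nbytes      # reply from the service
    flagged = {}
    for server, out in bytes_out.items():
        seen = bytes_in.get(server, 0)
        # No matching request in view: report an unbounded ratio, not a crash.
        factor = out / seen if seen else float("inf")
        if factor >= min_factor:
            flagged[server] = (seen, out, factor)
    return flagged


if __name__ == "__main__":
    for ip, (seen, out, factor) in sorted(find_reflectors(SAMPLE_FLOWS).items()):
        print(f"{ip}: {seen} B in, {out} B out, factor {factor:.1f}")
```

A server with roughly balanced traffic on the port, such as 203.0.113.11 in the sample, is not flagged; only lopsided reply volume is.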
Attacks may already be happening
Such attacks using Powerhouse’s servers are indeed happening, wrote ZDNet’s Catalin Cimpanu, who did not reveal his sources or name any targets. Tom’s Guide could not confirm that such attacks were taking place.
Tom’s Guide has reached out to Powerhouse Management for comment, and we will update this story when we receive a reply.
There is no indication that consumer users of Powerhouse services, including VyprVPN or Outfox, are at any risk from these flaws.