Botnet operators have managed to infiltrate the servers of VPN provider Powerhouse Management and are exploiting them to launch Distributed Denial of Service (DDoS) attacks.
Details about the compromised servers were shared by an anonymous security researcher with ZDNet last week.
Even as Powerhouse failed to answer emails both by the security researcher and ZDNet, the latter has learnt that the compromised VPN servers have already been weaponized and are in use in real-world attacks – although TechRadar Pro has been unable to verify the authenticity of these claims.
Thousands of servers at risk
As per the anonymous security researcher, who shared his findings publicly on GitHub, the threat actors have managed to find and exploit a service running on UDP port 20811 on Powerhouse’s servers.
“Powerhouse Management products – either Outfox (a latency reduction VPN service) or VyprVPN (a general vpn service) are exposing an interesting port – port 20811 which provides a massive data and packet amplification factor when probed with any single byte request,” the researcher observed.
What this means is that attackers can use this port to bounce an amplified packet to the IP address of the victim of the DDoS attack. The researcher notes that a scan reveals there are over 1500 Powerhouse VPN servers with their UDP port 20811 exposed and can potentially be used to launch a DDoS attack.
The researcher told ZDNet that while Powerhouse has servers all over the world, the most vulnerable seem to be “in the UK, Vienna, and Hong Kong.”
Until Powerhouse responds and addresses the issue, the researcher suggests that network admins block any traffic that comes from port 20811, in order to mitigate the risk of a DDoS attack against their networks.
Via: ZDNet