{"id":638,"date":"2018-05-15T16:19:44","date_gmt":"2018-05-15T16:19:44","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=131981"},"modified":"2018-05-15T16:19:44","modified_gmt":"2018-05-15T16:19:44","slug":"attackers-use-upnp-to-sidestep-ddos-defenses","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/","title":{"rendered":"Attackers Use UPnP to Sidestep DDoS Defenses"},"content":{"rendered":"<div class=\"media_block\"><\/div>\n<p>Universal Plug and Play networking protocols have never been a friend of security researchers. On Monday, Imperva gave the InfoSec community another reason to <a href=\"https:\/\/threatpost.com\/tag\/upnp\/\">dislike UPnP<\/a>.<\/p>\n<p>In a proof-of-concept Distributed Denial of Service (DDoS) attack, Imperva researchers have devised a way to exploit the UPnP protocol to bypass mitigations and carry out crippling DDoS amplification assaults.<\/p>\n<p>Imperva\u2019s PoC stems from its analysis of reflection-based DDoS attacks in 2017 that exploited varying protocols to magnify their impact. For example, Network Time Protocol amplification-based DDoS attacks represented a third of assaults tracked by Imperva. Reflection-based amplification using Domain Name System servers and Simple Service Discovery Protocol (SSDP) were also well represented in Imperva\u2019s analysis \u2013 representing another third of attacks.<\/p>\n<p>\u201cFor bad actors, amplification vectors offer a shortcut to launching bandwidth-heavy assaults without the need for equally large botnet resources,\u201d wrote <a href=\"https:\/\/www.imperva.com\/blog\/2018\/05\/new-ddos-attack-method-demands-a-fresh-approach-to-amplification-assault-mitigation\/\">co-authors of the report<\/a> Avishay Zawoznik, Johnathan Azaria and Igal Zeifman. \u201cFrom a mitigation point of view, however, they represent a diminished threat as, by now, most mitigation services have scaled to a point where attack bandwidth is no longer a chief concern\u2014or any concern at all.\u201d<\/p>\n<p>Mitigating against these attacks have become routine. Researchers point out \u201cblocking all packets with source port 53 is considered a tried-and-true method for mitigating DNS amplification attacks.\u201d<\/p>\n<p>That\u2019s why researchers became intrigued by an unconventional SSDP amplification attack spotted in April. \u201cWe noticed that a certain percentage of SSDP payloads, sometimes as much as 12 percent, were arriving from an unexpected source port, and not UDP\/1900,\u201d wrote researchers.<\/p>\n<p>SSDP is a protocol that UPnP devices use to share data using User Datagram Protocol (an alternative Transmission Control Protocol) on port 1900.<\/p>\n<p>In an effort to reproduce the April attack, Imperva researchers devised a novel UPnP-integrated attack method that could be used to obfuscate source port information for any type of amplification payload, including SSDP, DNS and NTP attacks. \u201cThere is no reason to assume that other amplification vectors (e.g., Memcached) will not work just as well,\u201d researchers said.<\/p>\n<p>In March, GitHub suffered\u00a0<a href=\"https:\/\/threatpost.com\/in-wake-of-biggest-ever-ddos-attack-experts-say-brace-for-more\/130205\/\">a massive DDoS attack<\/a>, measuring 1.3 Tbps of sustained traffic for eight minutes, where the attacker used the memcached amplification technique.<\/p>\n<p>A simplified description of the UPnP PoC entails using the Shodan search engine to find exploitable UPnP gateway devices and a UPnP-associated file called rootDesc.xml. \u201cCataloged in rootDesc.xml are all of the available UPnP services and devices,\u201d researchers wrote.<\/p>\n<p>Once an attacker has identified the rootDesc.xml file they can use it to determine actions that the device will accept remotely. In the researchers\u2019 PoC, one of those actions is AddPortMapping\u2014a command that can be used to configure port forwarding rules.<\/p>\n<p>\u201cUsing the scheme within the file, a SOAP request can be crafted to create a forwarding rule that reroutes all UDP packets sent to port 1337 to an external DNS server (3.3.3.3) via port UDP\/53,\u201d researchers said.<\/p>\n<p><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/05\/15113914\/Reflective-DDoS-Port-Forwarding.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-131984 size-full\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/05\/15113914\/Reflective-DDoS-Port-Forwarding.png\" alt=\"\" width=\"919\" height=\"316\"\/><\/a><\/p>\n<p>This type of port forwarding allows a DDoS attacker to send a DNS request on one port (UDP\/1337) and then have it proxied to a DNS resolver over destination port (UDP\/53). \u201cThe DNS resolver responds to the device over source port UDP\/53,\u201d researchers said. Then, \u201cthe device forwards the DNS response back to the original requestor, but not before changing the source port back to UDP\/1337.\u201d<\/p>\n<p>\u201cThis was enough to serve as a proof of concept for our hypothesis. In an actual attack scenario, however, the initial DNS request would have been issued from a spoofed victim\u2019s IP, meaning that the response would have been bounced back to the victim,\u201d researchers wrote.<\/p>\n<p>Imperva asserts its PoC should prompt security professionals to rethink how to mitigate against amplification attacks.<\/p>\n<p>\u201cWith source IP and port information no longer serving as reliable filtering factors, the most likely answer is to perform deep packet inspection to identify amplification payloads\u2014a more resource-intensive process, which is challenging to perform at an inline rate without access to dedicated mitigation equipment,\u201d they said.<\/p>\n<p>READ MORE <a href=\"https:\/\/threatpost.com\/attackers-use-upnp-to-sidestep-ddos-defenses\/131981\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Universal Plug and Play networking protocols can be exploited to bypass DDoS mitigations. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":639,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[445,446,447,18,77,448,449,450,451,19,69],"class_list":["post-638","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-distributed-denial-of-service","tag-dns","tag-domain-name-system","tag-hacks","tag-iot","tag-ntp","tag-simple-service-discovery-protocol","tag-ssdp","tag-upnp","tag-vulnerabilities","tag-web-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Attackers Use UPnP to Sidestep DDoS Defenses 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attackers Use UPnP to Sidestep DDoS Defenses 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-15T16:19:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/attackers-use-upnp-to-sidestep-ddos-defenses.png\" \/>\n\t<meta property=\"og:image:width\" content=\"919\" \/>\n\t<meta property=\"og:image:height\" content=\"316\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-use-upnp-to-sidestep-ddos-defenses\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-use-upnp-to-sidestep-ddos-defenses\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Attackers Use UPnP to Sidestep DDoS Defenses\",\"datePublished\":\"2018-05-15T16:19:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-use-upnp-to-sidestep-ddos-defenses\\\/\"},\"wordCount\":664,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-use-upnp-to-sidestep-ddos-defenses\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/attackers-use-upnp-to-sidestep-ddos-defenses.png\",\"keywords\":[\"Distributed Denial of Service\",\"DNS\",\"Domain Name System\",\"Hacks\",\"IoT\",\"NTP\",\"Simple Service Discovery Protocol\",\"SSDP\",\"UPnP\",\"Vulnerabilities\",\"Web Security\"],\"articleSection\":[\"Threatpost\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-use-upnp-to-sidestep-ddos-defenses\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-use-upnp-to-sidestep-ddos-defenses\\\/\",\"name\":\"Attackers Use UPnP to Sidestep DDoS Defenses 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-use-upnp-to-sidestep-ddos-defenses\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-use-upnp-to-sidestep-ddos-defenses\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/attackers-use-upnp-to-sidestep-ddos-defenses.png\",\"datePublished\":\"2018-05-15T16:19:44+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-use-upnp-to-sidestep-ddos-defenses\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-use-upnp-to-sidestep-ddos-defenses\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-use-upnp-to-sidestep-ddos-defenses\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/attackers-use-upnp-to-sidestep-ddos-defenses.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/attackers-use-upnp-to-sidestep-ddos-defenses.png\",\"width\":919,\"height\":316},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-use-upnp-to-sidestep-ddos-defenses\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Distributed Denial of Service\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/distributed-denial-of-service\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Attackers Use UPnP to Sidestep DDoS Defenses\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Attackers Use UPnP to Sidestep DDoS Defenses 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/","og_locale":"en_US","og_type":"article","og_title":"Attackers Use UPnP to Sidestep DDoS Defenses 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-15T16:19:44+00:00","og_image":[{"width":919,"height":316,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/attackers-use-upnp-to-sidestep-ddos-defenses.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Attackers Use UPnP to Sidestep DDoS Defenses","datePublished":"2018-05-15T16:19:44+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/"},"wordCount":664,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/attackers-use-upnp-to-sidestep-ddos-defenses.png","keywords":["Distributed Denial of Service","DNS","Domain Name System","Hacks","IoT","NTP","Simple Service Discovery Protocol","SSDP","UPnP","Vulnerabilities","Web Security"],"articleSection":["Threatpost"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/","url":"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/","name":"Attackers Use UPnP to Sidestep DDoS Defenses 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/attackers-use-upnp-to-sidestep-ddos-defenses.png","datePublished":"2018-05-15T16:19:44+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/attackers-use-upnp-to-sidestep-ddos-defenses.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/attackers-use-upnp-to-sidestep-ddos-defenses.png","width":919,"height":316},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/attackers-use-upnp-to-sidestep-ddos-defenses\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Distributed Denial of Service","item":"https:\/\/www.threatshub.org\/blog\/tag\/distributed-denial-of-service\/"},{"@type":"ListItem","position":3,"name":"Attackers Use UPnP to Sidestep DDoS Defenses"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/638","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=638"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/638\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/639"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=638"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=638"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}