There are new DDoS attacks every day, and CoAP is the latest. Their damage potential changes dramatically, based on many factors. It might be surprising to know that most of the time these attacks can be mitigated by existing defensive devices and mechanisms, and CoAP is no different.
When it comes to DDoS, CoAP turns IoT devices into an amplification surface, meaning an attacker can use vulnerable devices to generate a bigger attack with greater ease. That sounds scary, but if you look at how such an attack will affect your environment, you can see that:
- The attack is made of a large quantity of UDP packets.
- Those packets can contain a fair amount of data.
- Most non-IoT devices will not know how to process this data, effectively making it into a UDP Garbage Flood.
You might have figured it out already, but a CoAP flood is little more than a hyped-up UDP Garbage Flood. Most importantly, any mitigation device correctly configured to handle UDP Garbage floods should have no issues mitigating a CoAP flood.
So, bottom line: CoAP is an easy way for attackers to generate a large UDP DDoS attack, but if you've already verified that your DDoS mitigation blocks UDP attack traffic, you should have nothing to worry about.
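To see what such a flood looks like from the receiving side, the following added example (not part of the original article) tallies inbound UDP datagrams and flags the ones that are CoAP responses sent from the CoAP port. The port number 5683 and the 4-byte header layout come from RFC 7252; the sample datagrams are constructed, and the function names are illustrative. It assumes the protected hosts never send CoAP requests themselves, so every such response is unsolicited and can be dropped like any other UDP garbage.

```python
import struct
from collections import Counter

COAP_PORT = 5683  # default CoAP UDP port (RFC 7252)

def parse_coap_header(payload):
    """Return (type, code_class, code_detail, token_len), or None if not CoAP-shaped."""
    if len(payload) < 4:
        return None
    first, code, _msg_id = struct.unpack("!BBH", payload[:4])
    version, mtype, tkl = first >> 6, (first >> 4) & 0x3, first & 0xF
    # Version must be 1; token lengths 9-15 are reserved; the token must fit.
    if version != 1 or tkl > 8 or len(payload) < 4 + tkl:
        return None
    return mtype, code >> 5, code & 0x1F, tkl

def is_reflected_coap(src_port, payload):
    """True for a CoAP *response* (code class 2, 4 or 5) sent from the CoAP port."""
    hdr = parse_coap_header(payload)
    return src_port == COAP_PORT and hdr is not None and hdr[1] in (2, 4, 5)

def summarize(datagrams):
    """Tally inbound (src_ip, src_port, payload) tuples seen at the victim."""
    stats = {"total": 0, "reflected": 0, "reflected_bytes": 0, "reflectors": Counter()}
    for src_ip, src_port, payload in datagrams:
        stats["total"] += 1
        if is_reflected_coap(src_port, payload):
            stats["reflected"] += 1
            stats["reflected_bytes"] += len(payload)
            stats["reflectors"][src_ip] += 1
    return stats

# Constructed sample traffic (documentation IP ranges), not a real capture.
SAMPLE = [
    ("192.0.2.10", 5683, bytes.fromhex("60451234ff") + b"A" * 27),      # ACK 2.05
    ("192.0.2.11", 5683, bytes.fromhex("6245abcd0102ff") + b"B" * 57),  # ACK 2.05, 2-byte token
    ("192.0.2.10", 5683, bytes.fromhex("60451235ff") + b"C" * 11),      # ACK 2.05
    ("203.0.113.9", 5683, bytes.fromhex("40010001")),                   # GET request, not a response
    ("203.0.113.5", 5683, b"\x00\x01"),                                 # too short for a CoAP header
    ("198.51.100.7", 53, bytes.fromhex("60451234ff")),                  # wrong source port
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The per-reflector counter shows how many distinct devices are being abused, which helps when reporting the event upstream.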