300,000 Network Servers Threatened by New Critical Security Vulnerability

German researchers have discovered a worrying vulnerability within some commonly used internet protocols.

This flaw could potentially affect 300,000 network servers around the world by creating a permanent denial-of-service loop that can overwhelm affected systems or networks with massive traffic. The CISPA Helmholtz Center in Saarbrücken has issued a public alert regarding this threat, which could result in many victims.

The internet protocols concerned include NS (Name Server), NTP (Network Time Protocol) and TFTP (Trivial File Transfer Protocol), as well as some older protocols. Internet protocols are the rules and procedures that govern the transmission of data over the internet. NS is used to translate domain names into IP addresses, NTP is used to synchronize time between computers, and TFTP is used to transfer files between computers.

This new flaw differs from traditional DoS (Denial of Service) attacks because it targets the application layer rather than the network layer. Imagine network services as links in a chain. When one link encounters a problem, it sends an error message to the next. In this case, the network services are linked together in such a way that they continue to respond indefinitely to each other’s error messages, creating a continuous cycle of DoS attacks.

A DoS attack overwhelms a network or server with traffic to make it unavailable to legitimate users. Here, the flaw creates a loop of error messages that can overwhelm the affected systems or networks, making them unavailable. Once this vicious circle is triggered, it is extremely difficult to stop. Even the attacker behind the denial-of-service loop could not interrupt it, according to the researchers.

For now, this vulnerability is not yet actively exploited. However, researchers warn that exploiting it is relatively simple. It relies on IP spoofing, and an attacker only needs to inject a single error message into a server to trigger the loop. The servers then continue to send error messages to each other, creating massive traffic that can cripple the network.
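The loop described above leaves a recognizable trace in flow data: two servers exchanging UDP packets from service port to service port, in both directions, at a sustained rate. The following detection sketch is an added example, not code from the researchers or the original article; the port list (53, 69, 123), the thresholds and the flow records are constructed assumptions.

```python
from collections import defaultdict

# Assumed UDP service ports for the protocols the article names (name service, TFTP, NTP).
SERVICE_PORTS = {53, 69, 123}

def build_sample_flows():
    """Constructed flow records: (timestamp_s, src_ip, src_port, dst_ip, dst_port)."""
    flows = []
    # Two TFTP servers answering each other port 69 <-> 69 for about 10 s (loop pattern).
    for i in range(200):
        t = i * 0.05
        flows.append((t, "192.0.2.10", 69, "198.51.100.20", 69))
        flows.append((t + 0.01, "198.51.100.20", 69, "192.0.2.10", 69))
    # Ordinary client lookups: ephemeral client port, so not server-to-server.
    for i in range(50):
        flows.append((i * 0.2, "203.0.113.5", 40000 + i, "192.0.2.10", 53))
        flows.append((i * 0.2 + 0.01, "192.0.2.10", 53, "203.0.113.5", 40000 + i))
    # Legitimate NTP peers also talk 123 <-> 123, but only a few packets per window.
    for t in (0.0, 5.0):
        flows.append((t, "192.0.2.30", 123, "198.51.100.40", 123))
        flows.append((t + 0.01, "198.51.100.40", 123, "192.0.2.30", 123))
    return flows

def find_loop_candidates(flows, min_pkts_each_way=50, min_duration_s=5.0):
    """Flag endpoint pairs with sustained two-way service-port-to-service-port traffic."""
    stats = defaultdict(lambda: {"fwd": 0, "rev": 0, "first": None, "last": None})
    for ts, src, sport, dst, dport in flows:
        # A loop bounces between two services, so both ports must be service ports.
        if sport not in SERVICE_PORTS or dport not in SERVICE_PORTS:
            continue
        a, b = sorted([(src, sport), (dst, dport)])  # direction-independent key
        s = stats[(a, b)]
        s["fwd" if (src, sport) == a else "rev"] += 1
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    hits = []
    for pair, s in stats.items():
        duration = s["last"] - s["first"]
        # Require volume in BOTH directions; a one-way flood is a different problem.
        if min(s["fwd"], s["rev"]) >= min_pkts_each_way and duration >= min_duration_s:
            hits.append((pair, s["fwd"], s["rev"], round(duration, 2)))
    return hits

if __name__ == "__main__":
    for pair, fwd, rev, dur in find_loop_candidates(build_sample_flows()):
        print(f"possible loop: {pair[0]} <-> {pair[1]} fwd={fwd} rev={rev} over {dur}s")
```

Thresholds need tuning against a baseline, since legitimate NTP peering also uses port 123 on both sides.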

Researchers are calling for urgent action and have already informed network server and device providers of their findings. Products from Microsoft, Huawei, Broadcom, Cisco, D-Link, TP-Link and Zyxel, among others, are said to be vulnerable. It is therefore crucial that providers and users take the necessary steps to protect their systems and avoid falling victim to this permanent “DoS loop”.
