Over 4 Million Exposed Systems Vulnerable to New DoS Tunneling Attacks
Massive Risk Uncovered Across Internet Devices
Security researchers have identified critical flaws in common internet tunneling protocols—such as GRE, IPIP, 6in4, and 4in6. These vulnerabilities affect more than 4.26 million devices worldwide, including VPN servers, home routers, CDNs, and core routers, opening doors to devastating Denial-of-Service (DoS) attacks.
Two Dangerous New Attack Techniques
Tunneled-Temporal Lensing (TuTL)
This attack floods a target with concentrated bursts of tunneled traffic, overwhelming systems during tight timeframes.
Economic Denial of Sustainability (EDoS)
Designed to be stealthy and persistent, EDoS drives up operational costs for cloud-hosted services by exploiting resource billing mechanisms.
Global Impact on Essential Services
The vulnerabilities span 218 countries, with large-scale exposures in China, France, the U.S., Japan, Brazil, and beyond. A few internet service providers (ISPs) account for nearly half of all affected devices—highlighting systemic global risk.
Immediate Mitigation Measures
Experts advise:
- Restricting tunneling traffic at the host level
- Transitioning to secure tunneling solutions like IPsec or WireGuard
- Instructing ISPs to filter and inspect unencrypted tunnel traffic, and block suspicious packets