For the first time, cyber security researchers have detected a DDoS technique that masks the UPnP (Universal Plug and Play, a set of networking protocols) ports and, by doing so, avoids the majority of the older methods of protection against DDoS attacks.
The heart of the attack is based on the DNS amplification technique, in which replies to DNS queries are sent to the victim because the sender's IP address is spoofed. With this new DDoS approach, the attacking mechanism is actually the UPnP router, which freely forwards requests from one outside source to another. Via UPnP, the router returns requests and data to an unexpected UDP port from a spoofed IP address, which makes countering the attack almost impossible with classic DDoS mitigation methods.
Newer DDoS mitigation systems that use Deep Packet Inspection (DPI) are capable of detecting and countering this new type of attack, but those systems are more expensive overall.
When this new attack type was discovered, one of the predictions was that it would also translate to other protocols, not only DNS and NTP (the initial protocols). This month an SSDP-based attack was detected, which is a clear indicator that this attack model is successful and will most probably translate to other protocols as well.
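
The gap between port-based filtering and payload inspection described above, as an added example that is not part of the original article: a rule keyed on well-known source ports is compared with a content check over the same datagrams. The function names, the header heuristics and the sample datagrams are assumptions constructed for illustration, and only DNS and SSDP replies are covered.

```python
import struct

# Standard source ports that port-based filters associate with reflected replies.
STANDARD_PORT = {"dns": 53, "ssdp": 1900}

def classify_payload(payload: bytes):
    """Label a UDP payload by content (heuristic), ignoring port numbers."""
    # SSDP search responses are HTTP-style text carrying an ST header.
    if payload.startswith(b"HTTP/1.1 200 OK") and b"\r\nst:" in payload.lower():
        return "ssdp"
    # DNS: 12-byte header, QR bit set (response), standard query opcode,
    # at most one question and at least one resource record.
    if len(payload) >= 12:
        _id, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
        if flags & 0x8000 and (flags >> 11) & 0xF == 0 and qd <= 1 and an + ns + ar >= 1:
            return "dns"
    return None

def port_filter_hits(datagrams):
    """Classic rule: flag anything arriving from a known amplification source port."""
    ports = set(STANDARD_PORT.values())
    return [d for d in datagrams if d["sport"] in ports]

def masked_replies(datagrams):
    """Content-based rule: reply payloads arriving from a non-standard source port."""
    hits = []
    for d in datagrams:
        proto = classify_payload(d["payload"])
        if proto and d["sport"] != STANDARD_PORT[proto]:
            hits.append((d["sport"], proto))
    return hits

# Constructed sample datagrams (not captured traffic).
DNS_REPLY = struct.pack("!6H", 0x1A2B, 0x8180, 1, 2, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"
SSDP_REPLY = b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nST: upnp:rootdevice\r\n\r\n"
SAMPLES = [
    {"sport": 53, "payload": DNS_REPLY},       # ordinary reflected DNS reply
    {"sport": 32147, "payload": DNS_REPLY},    # same payload, source port rewritten
    {"sport": 40112, "payload": SSDP_REPLY},   # SSDP reply from an unexpected port
    {"sport": 5004, "payload": b"\x80\x60" + bytes(30)},  # unrelated UDP traffic
]

if __name__ == "__main__":
    print("port filter:", [d["sport"] for d in port_filter_hits(SAMPLES)])
    print("payload check:", masked_replies(SAMPLES))
```

The port rule sees only the datagram from port 53, while the content check picks out the two replies whose source port does not match their protocol and leaves the unrelated traffic alone.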