World's largest DDoS strikes US, Europe

Powered by SC Magazine
 

New attack vector a sign of "ugly things to come".

A content delivery network provider has today been hit by what appears to be the world's largest denial of service attack, in an assault that exploits an emerging and frightening threat vector.

The Network Time Protocol (NTP) reflection attack exploits a timing mechanism that underpins the way the internet works, greatly amplifying the power of what would otherwise be a small and ineffective assault.

US-based DDoS protection outfit CloudFlare was hit with the attacks after an unnamed customer was targeted.

It is unclear how many websites and users were affected, although at least one French networking host reported a 350Gbps DDoS attack during the assault.

CloudFlare chief executive Matthew Prince said the attack tipped 400Gbps, 100Gbps larger than the previous record DDoS attack, which used DNS reflective amplification.

CloudFlare did not return a request for more information by the time of publication.

Prince said on Twitter, "someone's got a big, new cannon" and the attack was the "start of ugly things to come".

The nature of the NTP attack means it could be difficult to ascertain the location or identity of attackers since the initial requests that kick off the attacks are spoofed.

Denial of service protection vendor Black Lotus published one of the first public reports on an NTP reflection attack, one that amplified the traffic by a staggering factor of 58.5.

"For example, 100Mbps of spoofed NTP traffic can cause 5.8Gbps of malicious traffic to strike the spoofed target," the report read.

The power of the vector was demonstrated last month in attacks that took down gaming streaming servers used by professional gamers for EA and League of Legends.

In December, Symantec researchers reported "large scale" NTP reflection attacks across the web.

While DDoS protection services can help to mitigate the impact of NTP DDoS attacks, security experts urge administrators to correct configuration errors and so squash the attack vector.

"It's best to stem the flow of NTP-based DDoS by making simple configuration changes to firewalls and NTP servers. Doing so makes the web safer for everyone," CloudFlare wrote in a report.

The US Computer Emergency Response Team has also listed mitigation recommendations, as has security firm Qualys.

The OpenNTPProject can help administrators determine if their servers are vulnerable.
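A defender-side check for the amplification described above, added here as an example and not taken from the article or from any vendor it cites: it totals NTP bytes received from and sent to each peer of a server an administrator operates, and flags peers whose replies far outweigh their requests. The flow-record layout, the thresholds and the addresses are assumptions; the sample records are constructed so that the abused peer shows the 58.5 factor quoted from the Black Lotus report.

```python
from collections import defaultdict

NTP_PORT = 123

# Constructed flow records seen at an NTP server's uplink:
# (src_ip, src_port, dst_ip, dst_port, bytes). Documentation-range addresses.
SAMPLE_FLOWS = [
    ("198.51.100.7", 40001, "192.0.2.10", 123, 48),    # ordinary client query
    ("192.0.2.10", 123, "198.51.100.7", 40001, 48),    # ordinary reply, same size
    ("203.0.113.50", 80, "192.0.2.10", 123, 2340),     # requests bearing the victim's address
    ("192.0.2.10", 123, "203.0.113.50", 80, 136890),   # much larger replies sent to the victim
]


def reflection_report(flows, server_ip, min_ratio=2.0, min_bytes_out=10_000):
    """Return {peer_ip: out/in byte ratio} for peers this server is amplifying toward.

    min_ratio and min_bytes_out are assumed starting thresholds, not vendor guidance.
    """
    bytes_in = defaultdict(int)   # peer -> bytes the peer (apparently) sent us
    bytes_out = defaultdict(int)  # peer -> bytes we sent back
    for src, sport, dst, dport, nbytes in flows:
        if dst == server_ip and dport == NTP_PORT:
            bytes_in[src] += nbytes
        elif src == server_ip and sport == NTP_PORT:
            bytes_out[dst] += nbytes

    flagged = {}
    for peer, sent_back in bytes_out.items():
        if sent_back < min_bytes_out:
            continue  # too little traffic to matter
        received = bytes_in.get(peer, 0)
        # Replies with no recorded request (sampling gaps) count as unbounded.
        ratio = sent_back / received if received else float("inf")
        if ratio >= min_ratio:
            flagged[peer] = ratio
    return flagged


if __name__ == "__main__":
    for peer, ratio in reflection_report(SAMPLE_FLOWS, "192.0.2.10").items():
        print(f"{peer}: replies are {ratio:.1f}x the request volume")
```

A flagged peer is most likely the victim whose address was spoofed, not the attacker, so the finding points at the server's own configuration as the thing to fix.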

Copyright © iTnews.com.au. All rights reserved.

