World's largest DDoS strikes US, Europe

Powered by SC Magazine
 

New attack vector a sign of "ugly things to come".

A content delivery network provider has today been hit by what appears to be the world's largest denial of service attack, in an assault that exploits an emerging and frightening threat vector.

The Network Time Protocol (NTP) Reflection attack exploits a timing mechanism that underpins a way the internet works to greatly amplify the power of what would otherwise be a small and ineffective assault.

US-based DDoS protection outfit CloudFlare was hit with the attacks after an unnamed customer was targeted.

It is unclear how many websites and users were affected, although at least one French networking host reported a 350Gbps DDoS attack during the assault.

CloudFlare chief executive Matthew Prince said the attack tipped 400Gbps, 100Gbps larger than the previous record DDoS attack which used DNS reflective amplification. 

Cloudflare did not return a request for more information by the time of publication.

Prince said on Twitter "someone's got a big, new cannon" and the attack was the "start of ugly things to come".

The nature of the NTP attack means it could be difficult to ascertain the location or identity of attackers since the initial requests that kick off the attacks are spoofed.

Denial of service protection vendor Black Lotus published one of the first public reports on a NTP Reflection attack that amplified the traffic by a staggering factor of 58.5.

"For example, 100Mbps of spoofed NTP traffic can cause 5.8Gbps of malicious traffic to strike the spoofed target," the report read.

The power of the vector was demonstrated last month in attacks that took down gaming streaming servers used by professional gamers for EA and League of Legends.

In December, Symantec researchers reported "large scale" NTP reflection attacks across the web.

While DDoS protection services can help to mitigate the impact of NTP DDoS', security experts urge administrators to correct web configuration errors squashing the attack vector.

"It's best to stem the flow of NTP-based DDoS by making simple configuration changes to firewalls and NTP servers. Doing so makes the web safer for everyone," Cloudflare wrote in a report.

The US Computer Emergency Response Team has also listed mitigation recommendations, as has security firm Qualys.

The OpenNTPProject can help administrators determine if their servers are vulnerable.

Copyright © iTnews.com.au . All rights reserved.


World's largest DDoS strikes US, Europe
 
 
 
Top Stories
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
What InfoSec can learn from the insurance industry
[Blog post] Another way data breach laws could help manage risk.
 
A ten-point plan for disrupting security
[Blog post] How can you defend the perimeter when it’s in the cloud?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1043

Vote