World's largest DDoS strikes US, Europe

Powered by SC Magazine
 

New attack vector a sign of "ugly things to come".

A content delivery network provider has today been hit by what appears to be the world's largest denial of service attack, in an assault that exploits an emerging and frightening threat vector.

The Network Time Protocol (NTP) Reflection attack abuses the clock-synchronisation protocol that underpins much of how the internet works, greatly amplifying the power of what would otherwise be a small and ineffective assault.

US-based DDoS protection outfit CloudFlare was hit with the attacks after an unnamed customer was targeted.

It is unclear how many websites and users were affected, although at least one French networking host reported a 350Gbps DDoS attack during the assault.

CloudFlare chief executive Matthew Prince said the attack tipped 400Gbps, 100Gbps larger than the previous record DDoS attack, which used DNS reflective amplification.

Cloudflare did not return a request for more information by the time of publication.

Prince said on Twitter "someone's got a big, new cannon" and the attack was the "start of ugly things to come".

The nature of the NTP attack means it could be difficult to ascertain the location or identity of attackers since the initial requests that kick off the attacks are spoofed.

Denial of service protection vendor Black Lotus published one of the first public reports on an NTP Reflection attack that amplified the traffic by a staggering factor of 58.5.

"For example, 100Mbps of spoofed NTP traffic can cause 5.8Gbps of malicious traffic to strike the spoofed target," the report read.

The power of the vector was demonstrated last month in attacks that took down gaming streaming servers used by professional gamers for EA and League of Legends.

In December, Symantec researchers reported "large scale" NTP reflection attacks across the web.

While DDoS protection services can help to mitigate the impact of NTP DDoS attacks, security experts urge administrators to correct web configuration errors, squashing the attack vector.

"It's best to stem the flow of NTP-based DDoS by making simple configuration changes to firewalls and NTP servers. Doing so makes the web safer for everyone," Cloudflare wrote in a report.

The US Computer Emergency Response Team has also listed mitigation recommendations, as has security firm Qualys.

The OpenNTPProject can help administrators determine if their servers are vulnerable.
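For administrators checking whether their own NTP servers are being used as reflectors, the following is an added example (not from the article or any vendor named in it) that totals UDP/123 request and reply bytes per server and claimed client, then flags pairs whose reply-to-request ratio looks like amplification. The flow record layout, the addresses, the server list and the 10x threshold are all assumptions made for the illustration.

```python
from collections import defaultdict

NTP_PORT = 123

# Assumed inventory of NTP servers we operate (documentation addresses).
OUR_SERVERS = {"192.0.2.10", "192.0.2.20"}

# Constructed sample flow records, not real traffic:
# (src_ip, src_port, dst_ip, dst_port, protocol, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "192.0.2.10", 123, "udp", 2340),    # small requests
    ("192.0.2.10", 123, "198.51.100.7", 40000, "udp", 136890),  # large replies
    ("203.0.113.5", 123, "192.0.2.20", 123, "udp", 4800),       # ordinary sync
    ("192.0.2.20", 123, "203.0.113.5", 123, "udp", 4800),
    ("203.0.113.9", 51515, "192.0.2.10", 53, "udp", 900),       # not NTP
]


def amplification_by_peer(flows, servers):
    """Return {(server, claimed_client): reply_bytes / request_bytes}."""
    requests = defaultdict(int)
    replies = defaultdict(int)
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dst in servers and dport == NTP_PORT:
            requests[(dst, src)] += nbytes
        elif src in servers and sport == NTP_PORT:
            replies[(src, dst)] += nbytes
    ratios = {}
    for key, out_bytes in replies.items():
        in_bytes = requests.get(key, 0)
        # Replies with no observed request are reported as an infinite ratio.
        ratios[key] = out_bytes / in_bytes if in_bytes else float("inf")
    return ratios


def flag_reflection(flows, servers, threshold=10.0):
    """List (server, claimed_client, ratio) where the ratio meets the threshold.

    The claimed client is the address in the request's source field; in a
    reflection attack that field is spoofed, so it identifies the victim.
    """
    ratios = amplification_by_peer(flows, servers)
    return sorted((server, peer, round(ratio, 1))
                  for (server, peer), ratio in ratios.items()
                  if ratio >= threshold)


if __name__ == "__main__":
    for server, victim, ratio in flag_reflection(SAMPLE_FLOWS, OUR_SERVERS):
        print(f"{server} is sending {ratio}x more NTP data to {victim} than it received")
```

In the constructed sample the flagged pair shows the 58.5 factor quoted in the Black Lotus report, while the ordinary synchronisation exchange stays at a ratio of 1.0 and is not flagged.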

Copyright © iTnews.com.au . All rights reserved.

