World's largest DDoS strikes US, Europe

Powered by SC Magazine
 

New attack vector a sign of "ugly things to come".

A content delivery network provider has today been hit by what appears to be the world's largest denial of service attack, in an assault that exploits an emerging and frightening threat vector.

The Network Time Protocol (NTP) Reflection attack exploits a timing mechanism that underpins a way the internet works to greatly amplify the power of what would otherwise be a small and ineffective assault.

US-based DDoS protection outfit CloudFlare was hit with the attacks after an unnamed customer was targeted.

It is unclear how many websites and users were affected, although at least one French networking host reported a 350Gbps DDoS attack during the assault.

CloudFlare chief executive Matthew Prince said the attack tipped 400Gbps, 100Gbps larger than the previous record DDoS attack which used DNS reflective amplification. 

Cloudflare did not return a request for more information by the time of publication.

Prince said on Twitter "someone's got a big, new cannon" and the attack was the "start of ugly things to come".

The nature of the NTP attack means it could be difficult to ascertain the location or identity of attackers since the initial requests that kick off the attacks are spoofed.

Denial of service protection vendor Black Lotus published one of the first public reports on a NTP Reflection attack that amplified the traffic by a staggering factor of 58.5.

"For example, 100Mbps of spoofed NTP traffic can cause 5.8Gbps of malicious traffic to strike the spoofed target," the report read.

The power of the vector was demonstrated last month in attacks that took down gaming streaming servers used by professional gamers for EA and League of Legends.

In December, Symantec researchers reported "large scale" NTP reflection attacks across the web.

While DDoS protection services can help to mitigate the impact of NTP DDoS', security experts urge administrators to correct web configuration errors squashing the attack vector.

"It's best to stem the flow of NTP-based DDoS by making simple configuration changes to firewalls and NTP servers. Doing so makes the web safer for everyone," Cloudflare wrote in a report.

The US Computer Emergency Response Team has also listed mitigation recommendations, as has security firm Qualys.

The OpenNTPProject can help administrators determine if their servers are vulnerable.

Copyright © iTnews.com.au . All rights reserved.


World's largest DDoS strikes US, Europe
 
 
 
Top Stories
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  71%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 762

Vote