Attackers use NTP reflection in huge DDoS attack
The attack peaked at over 400Gbps, according to CloudFlare, the company whose infrastructure was targeted
IDG News Service - Attackers abused insecure Network Time Protocol servers to launch what appears to be one of the largest DDoS (distributed denial-of-service) attacks ever reported, this time against the infrastructure of CloudFlare, a company that operates a global content delivery network.
The attack was revealed Monday on Twitter by Matthew Prince, CloudFlare's CEO, who said that it's "the start of ugly things to come" because "someone's got a big, new cannon."
The size of the attack appears to have been just shy of 400Gbps, ranking it among the largest DDoS attacks CloudFlare has seen, Prince said Tuesday via email, adding that the company is still gathering data about the incident from upstream providers.
The attack could be larger than the one last March against Spamhaus, a spam-fighting organization and CloudFlare customer whose website was hit by a 300Gbps DDoS attack, which was considered to be the largest in history at the time. CloudFlare reported then that it caused congestion at critical Internet exchange nodes in Europe. However, other companies later challenged the reported impact.
The new attack Monday used a technique called NTP reflection, which involves sending requests with spoofed source IP addresses to NTP servers so that those servers return large responses to the spoofed addresses instead of to the real senders.
The attack was directed at a CloudFlare user, Prince said, but he declined to disclose any additional details about the customer, citing the company's policy.
The DDoS traffic hit CloudFlare's data centers worldwide, but only caused temporary congestion on the company's network in Europe, he said.
There is also some anecdotal evidence that there were congestion issues in other parts of the Internet infrastructure that are not directly related to CloudFlare, but nothing definitive, he said. "The most likely place that slowness would have been observed is across European peering exchanges. However, our team moved quickly to take traffic off exchanges in order to minimize collateral damage."
Shortly after Prince revealed the attack on Twitter, Octave Klaba, the founder and CEO of large French hosting provider OVH, reported that his company's network had also been hit for hours Monday with a DDoS attack that far exceeded 350Gbps.
It's not clear if the attack against OVH also used NTP reflection or if it's related to the attack against CloudFlare.
"I would suspect they were likely related due to the similar timing and scale," Prince said. "However, I don't have direct evidence of that."
OVH did not immediately respond to a request for comment.
NTP is one of several protocols that can be abused to amplify DDoS attacks. Two others are DNS (Domain Name System) and SNMP (Simple Network Management Protocol).
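From the side of an NTP server operator, the reflection pattern described above shows up as a peer that is sent far more bytes than it ever requested. The following is an added example, not part of the original article, that flags such peers in flow records; the record layout, addresses (documentation ranges) and thresholds are assumptions.

```python
from collections import defaultdict

NTP_PORT = 123
SERVER_IP = "192.0.2.10"  # assumed address of our own NTP server

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, udp_bytes).
SAMPLE_FLOWS = [
    # Ordinary clients: reply is the same size as the request.
    ("198.51.100.7", 40001, SERVER_IP, NTP_PORT, 48),
    (SERVER_IP, NTP_PORT, "198.51.100.7", 40001, 48),
    ("198.51.100.8", 51512, SERVER_IP, NTP_PORT, 48),
    (SERVER_IP, NTP_PORT, "198.51.100.8", 51512, 48),
    # Peer whose claimed address receives replies far larger than its requests.
    ("203.0.113.5", 80, SERVER_IP, NTP_PORT, 60),
    (SERVER_IP, NTP_PORT, "203.0.113.5", 80, 4800),
    ("203.0.113.5", 80, SERVER_IP, NTP_PORT, 60),
    (SERVER_IP, NTP_PORT, "203.0.113.5", 80, 4800),
]


def find_reflection_targets(flows, server_ip, min_ratio=10.0, min_reply_bytes=1000):
    """Return (peer, request_bytes, reply_bytes, ratio) for peers that our
    server is amplifying traffic towards, largest reply volume first."""
    requested = defaultdict(int)
    replied = defaultdict(int)
    for src, sport, dst, dport, size in flows:
        if dst == server_ip and dport == NTP_PORT:
            requested[src] += size          # bytes the peer (claims to have) sent
        elif src == server_ip and sport == NTP_PORT:
            replied[dst] += size            # bytes our server sent back to it

    findings = []
    for peer, reply_bytes in replied.items():
        request_bytes = requested.get(peer, 0)
        # Replies with no recorded request are treated as infinite amplification.
        ratio = reply_bytes / request_bytes if request_bytes else float("inf")
        if reply_bytes >= min_reply_bytes and ratio >= min_ratio:
            findings.append((peer, request_bytes, reply_bytes, ratio))
    return sorted(findings, key=lambda f: f[2], reverse=True)


if __name__ == "__main__":
    for peer, req, rep, ratio in find_reflection_targets(SAMPLE_FLOWS, SERVER_IP):
        print(f"{peer}: sent {req} B, received {rep} B, amplification x{ratio:.0f}")
```

A flagged peer is most likely the victim whose address was spoofed, so the useful response is to restrict or rate-limit the large-response behaviour on the server rather than to block that peer.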