About |

A daily digest of IT news, curated from blogs, forums and news sites around the web each morning. We highlight the key commentary and demystify the real story.

News Analysis

NTP reflection: Mirror, mirror, on the wall, who's the DDoS'iest of them all?

Network Time Protocol DDoS vuln only needs one bad apple.

In an "ugly" turn of events, a vulnerability in many NTP servers helps hackers deny service to others. Using a reflection attack, they managed to create 400 Gb/s of traffic to a single CloudFlare IP address. Presumably while cackling, "Amplify THIS!"

Do you run an NTP server? Have you made sure it's not vulnerable?

In IT Blogwatch, bloggers make like they're snow whiter than white. [You're fired -Ed.]

Your humble blogwatcher curated these bloggy bits for your entertainment.

Constantly vigilant for security news, Lucian Constantin is:

Attackers abused insecure [NTP] servers to launch what appears to be one of the largest DDoS...attacks ever.
...
Matthew Prince, CloudFlare's CEO [said] "someone's got a big, new cannon." [It peaked] just shy of 400Gbps...larger than the one last March against Spamhaus...whose website was hit by a 300Gbps DDoS attack. The new attack [used] NTP reflection, which involves sending requests with spoofed source IP addresses...forcing [the] servers to return large responses to the spoofed addresses. ... [Reflection attacks] allow a relatively small query to generate a large response. ... In the case of DNS reflection...attackers could generate [8x] more traffic than they [send]. However, in the case of NTP and SNMP reflection it can be over 200x and 650x, respectively. MORE

Aunty's Dave Lee traverses the interwebz:

[It's] the "start of ugly things to come", it has been warned.
...
NTP is one of several protocols used within the infrastructure of the internet to keep things running smoothly. Unfortunately...most of these protocols were designed and implemented at a time when the prospect of malicious activity was not considered. MORE

John "jgc" Graham-Cumming is coming to get you, DDoS'ers:

A month after I wrote this [we] got hit by a 400Gbps DDoS using the same technique. MORE

Meanwhile, Russia Today's anonymous content-farm-gnomes criticize the decadent West:

Back in January...US-CERT issued a warning about such...attacks after a number of prominent gaming services were brought down by them in December.
...
While CloudFlare in its warning urged server administrators to patch and upgrade...to solve the issue, it appears that few have since bothered. MORE

Computerworld Blogs Newsletter

Subscribe now to the Blogs Newsletter for a daily summary of the most recent and relevant blog posts at Computerworld.