A content delivery network provider was hit by what is claimed to be the world’s largest denial of service attack yesterday.
The hackers used a Network Time Protocol (NTP) Reflection attack, which exploits a flaw in the way that the world wide wibble works to greatly amplify small and ineffective assaults.
The attack targeted CloudFlare, which is supposed to protect sites and providers from DoS attacks. It is unclear how many websites and users were affected, although at least one French networking host reported a 350Gbps DDoS attack during the assault.
CloudFlare chief executive Matthew Prince said the attack tipped 400Gbps, 100Gbps larger than the previous record DDoS attack which used DNS reflective amplification.
Prince said on Twitter “someone’s got a big, new cannon” and the attack was the “start of ugly things to come”.
The fact that the hackers used NTP is a big headache for network Sherlocks trying to find out who did it. The initial requests that kick off the attacks are spoofed. A hacker who sends 100Mbps of spoofed NTP traffic can cause 5.8Gbps of malicious traffic to strike the spoofed target.
Early versions of the attack have already taken down gaming streaming servers used by professional gamers for EA and League of Legends.
While DDoS protection services can help to mitigate the impact of NTP DDoS attacks, security experts say that administrators need to correct web configuration errors to squash the attack vector.
All you need to do to stem the flow of NTP-based DDoS is make simple configuration changes to firewalls and NTP servers. This is out of the league of many to sort out.
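On an NTP server being abused as a reflector, the amplification described above (100Mbps of spoofed requests becoming 5.8Gbps at the target) shows up as replies to one address that dwarf the requests claiming to come from it. The following is an added example, not code from the article or from CloudFlare, that checks flow records for that pattern; the record layout, the thresholds and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

NTP_PORT = 123
# Ratio implied by the article's figures: 5.8Gbps out for 100Mbps in.
ARTICLE_RATIO = 5800 / 100

# Constructed flow records as seen at the NTP server 192.0.2.10:
# (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40001, "192.0.2.10", 123, 90),   # ordinary client query
    ("192.0.2.10", 123, "198.51.100.7", 40001, 90),   # ordinary reply
    ("198.51.100.9", 40500, "192.0.2.10", 123, 1800),  # busy but balanced client
    ("192.0.2.10", 123, "198.51.100.9", 40500, 1800),
    ("203.0.113.50", 80, "192.0.2.10", 123, 60),      # requests with a spoofed source
    ("203.0.113.50", 80, "192.0.2.10", 123, 60),
    ("192.0.2.10", 123, "203.0.113.50", 80, 3480),    # oversized replies hit the victim
    ("192.0.2.10", 123, "203.0.113.50", 80, 3480),
]


def reflection_suspects(flows, server_ip, min_ratio=10.0, min_bytes_out=1000):
    """Return {remote_ip: out/in byte ratio} for remotes whose NTP replies
    far exceed the requests attributed to them (hypothetical thresholds)."""
    bytes_in = defaultdict(int)
    bytes_out = defaultdict(int)
    for src, sport, dst, dport, size in flows:
        if dst == server_ip and dport == NTP_PORT:
            bytes_in[src] += size      # request arriving at our server
        elif src == server_ip and sport == NTP_PORT:
            bytes_out[dst] += size     # reply leaving our server
    suspects = {}
    for remote, out in bytes_out.items():
        if out < min_bytes_out:
            continue                   # too little traffic to matter
        received = bytes_in.get(remote, 0)
        # Replies with no recorded request are treated as infinitely amplified.
        ratio = out / received if received else float("inf")
        if ratio >= min_ratio:
            suspects[remote] = round(ratio, 1)
    return suspects


if __name__ == "__main__":
    for ip, ratio in reflection_suspects(SAMPLE_FLOWS, "192.0.2.10").items():
        print(f"{ip}: replies are {ratio}x the requests (article case: {ARTICLE_RATIO}x)")
```

An address flagged here is the likely target rather than the sender, since the requests carrying its address were spoofed.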