Feeds

Europe shrugs off largest DDoS attack yet, traffic tops 400Gbps

NTP flaw used again, effects minimal

The Power of One eBook: Top reasons to choose HP BladeSystem

Once again hackers are targeting content-delivery firm Cloudfare, and the company says this latest attack is its biggest yet, peaking at over 400Gbps of traffic.

"Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year. Mitigating," tweeted Cloudflare's CEO Matthew Price. "Someone's got a big, new cannon. Start of ugly things to come."

The attack used a well-known flaw in the Network Time Protocol (NTP) that's used to set the clocks of servers connecting online. The User Datagram Protocol (UDP)-based protocol can be subverted using a synchronization request so that a target system spews out a large volume of data that can be used in a DDoS attack.

The problems with NTP are well-recognized, and in January US-CERT issued a bulletin about the issue, which was backed up by security researchers who warned that the technique was becoming particularly popular. In December an NTP attack was carried out against online gaming servers, and security firm Symantec said it has seen a big spike in similar traffic.

As it turns out, the effects on servers was minimal. While the last attack against Cloudflare and antispammers at Spamhaus in March caused brief, but significant, slowdowns in many servers, this latest attack appears to have been largely shrugged off.

"It's the nature of many denial-of-service attacks that they are fairly transient, really," Nathaniel Couper-Noles, principal consultant at security firm Neohapsis, told The Register. "Once you stop sending the attacks, the lines clear and the network goes back to normal. In certain DDoS attacks there is a load factor, so if you don't have adequate cooling, driving up the load factor to 100 per cent – in some really rare cases – a piece of equipment can malfunction."

For IT managers, the best step to make sure servers aren't used in this way is to watch network traffic closely, he said, and harden up their systems – either using Windows registry or Cisco's IOS interface – and to filter outbound NTP as a good-neighbor policy. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.