Feeds

Europe shrugs off largest DDoS attack yet, traffic tops 400Gbps

NTP flaw used again, effects minimal

Secure remote control for conventional and virtual desktops

Once again hackers are targeting content-delivery firm Cloudfare, and the company says this latest attack is its biggest yet, peaking at over 400Gbps of traffic.

"Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year. Mitigating," tweeted Cloudflare's CEO Matthew Price. "Someone's got a big, new cannon. Start of ugly things to come."

The attack used a well-known flaw in the Network Time Protocol (NTP) that's used to set the clocks of servers connecting online. The User Datagram Protocol (UDP)-based protocol can be subverted using a synchronization request so that a target system spews out a large volume of data that can be used in a DDoS attack.

The problems with NTP are well-recognized, and in January US-CERT issued a bulletin about the issue, which was backed up by security researchers who warned that the technique was becoming particularly popular. In December an NTP attack was carried out against online gaming servers, and security firm Symantec said it has seen a big spike in similar traffic.

As it turns out, the effects on servers was minimal. While the last attack against Cloudflare and antispammers at Spamhaus in March caused brief, but significant, slowdowns in many servers, this latest attack appears to have been largely shrugged off.

"It's the nature of many denial-of-service attacks that they are fairly transient, really," Nathaniel Couper-Noles, principal consultant at security firm Neohapsis, told The Register. "Once you stop sending the attacks, the lines clear and the network goes back to normal. In certain DDoS attacks there is a load factor, so if you don't have adequate cooling, driving up the load factor to 100 per cent – in some really rare cases – a piece of equipment can malfunction."

For IT managers, the best step to make sure servers aren't used in this way is to watch network traffic closely, he said, and harden up their systems – either using Windows registry or Cisco's IOS interface – and to filter outbound NTP as a good-neighbor policy. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.