Feeds

Europe shrugs off largest DDoS attack yet, traffic tops 400Gbps

NTP flaw used again, effects minimal

Internet Security Threat Report 2014

Once again hackers are targeting content-delivery firm Cloudfare, and the company says this latest attack is its biggest yet, peaking at over 400Gbps of traffic.

"Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year. Mitigating," tweeted Cloudflare's CEO Matthew Price. "Someone's got a big, new cannon. Start of ugly things to come."

The attack used a well-known flaw in the Network Time Protocol (NTP) that's used to set the clocks of servers connecting online. The User Datagram Protocol (UDP)-based protocol can be subverted using a synchronization request so that a target system spews out a large volume of data that can be used in a DDoS attack.

The problems with NTP are well-recognized, and in January US-CERT issued a bulletin about the issue, which was backed up by security researchers who warned that the technique was becoming particularly popular. In December an NTP attack was carried out against online gaming servers, and security firm Symantec said it has seen a big spike in similar traffic.

As it turns out, the effects on servers was minimal. While the last attack against Cloudflare and antispammers at Spamhaus in March caused brief, but significant, slowdowns in many servers, this latest attack appears to have been largely shrugged off.

"It's the nature of many denial-of-service attacks that they are fairly transient, really," Nathaniel Couper-Noles, principal consultant at security firm Neohapsis, told The Register. "Once you stop sending the attacks, the lines clear and the network goes back to normal. In certain DDoS attacks there is a load factor, so if you don't have adequate cooling, driving up the load factor to 100 per cent – in some really rare cases – a piece of equipment can malfunction."

For IT managers, the best step to make sure servers aren't used in this way is to watch network traffic closely, he said, and harden up their systems – either using Windows registry or Cisco's IOS interface – and to filter outbound NTP as a good-neighbor policy. ®

Remote control for virtualized desktops

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
State Dept shuts off unclassified email after hack. Classified mail? That's CLASSIFIED
Classified systems 'not affected' - but, is this reconnaissance?
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.