CloudFlare: Biggest DDoS Ever Hits Europe

One of the biggest distributed denial of service (DDoS) attacks ever recorded hit European networks yesterday, according to content delivery network CloudFlare.

Few details about the attack have emerged, but CloudFlare, which is continuing to investigate, said it was probably close to 400Gbps in size. The firm also revealed the previous record DDoS attack last year, which measured just over 300Gbps and targeted anti-spam outfit Spamhaus.

‘Larger than Spamhaus DDoS’

Despite its apparent strength, there does not seem to have been any serious downtime as a result of the DDoS, unlike the Spamhaus attacks, which took out a swathe of sites. “There was extra latency in Europe. Overall, network was unaffected,” said Matthew Prince, CEO of CloudFlare.

“[It was] very big. Larger than the Spamhaus attack from last year. Volume based so congesting at Layer 3 in some parts of Europe. Hitting our network globally but no big customer impact outside of Europe.”

Prince said one customer had been targeted again, but this time he could not reveal who.

Akamai, another major content delivery network and DDoS mitigation firm, said it had no insight into the attack.

French hosting firm OVH has also said on Twitter that it experienced an attack of over 350Gbps.

The attackers used a technique that is increasingly common amongst DDoSers, which involves exploiting the UDP-based Network Time Protocol (NTP). That protocol is normally used to sync clocks on machines, but attackers have discovered they can exploit a weakness that allows them to query an NTP server about connected clients and their traffic counts.

By spoofing an IP address, attackers can make it appear a target is making these queries, using the “monlist” command. When these requests are made en masse, the traffic generated can be overwhelming, as the NTP server sends back a list of the last 600 IP addresses which connected to it.
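For operators who want to see this on their own NTP server, the Python below is an added example (not from the article or from CloudFlare) that classifies UDP port 123 payloads as monlist requests or responses and totals the reply volume sent towards each claimed client. It assumes the mode 7 header layout and the request codes 20 and 42 from ntpd's `ntp_request.h`; the addresses, packets and 72-byte entry size in the sample are constructed.

```python
import struct
from collections import defaultdict

MODE_PRIVATE = 7           # NTP mode 7: ntpdc-style private requests
MONLIST_CODES = {20, 42}   # REQ_MON_GETLIST, REQ_MON_GETLIST_1 (ntp_request.h)

def classify(payload):
    """Return details for a mode 7 monlist packet, or None for anything else."""
    if len(payload) < 8:
        return None
    first, _seq, _impl, req, err_nitems, _size = struct.unpack("!BBBBHH", payload[:8])
    if first & 0x07 != MODE_PRIVATE or req not in MONLIST_CODES:
        return None
    return {
        "kind": "response" if first & 0x80 else "request",  # top bit = response
        "items": err_nitems & 0x0FFF,                       # entries in this packet
        "bytes": len(payload),
    }

def summarize(packets):
    """packets: (src, dst, udp_payload) tuples seen at the server, keyed by claimed client."""
    stats = defaultdict(lambda: {"req_bytes": 0, "resp_bytes": 0, "entries": 0})
    for src, dst, payload in packets:
        info = classify(payload)
        if info is None:
            continue                       # ordinary time sync traffic is ignored
        if info["kind"] == "request":
            stats[src]["req_bytes"] += info["bytes"]
        else:
            stats[dst]["resp_bytes"] += info["bytes"]
            stats[dst]["entries"] += info["items"]
    return dict(stats)

def amplification(s):
    """Reply bytes per request byte (UDP payload only, IP/UDP headers excluded)."""
    return s["resp_bytes"] / s["req_bytes"] if s["req_bytes"] else float("inf")

# Constructed sample: documentation addresses, zero-filled entries.
SERVER, CLIENT = "192.0.2.1", "203.0.113.10"
REQUEST = struct.pack("!BBBBHH", 0x17, 0, 3, 42, 0, 0)                  # header only
RESPONSE = struct.pack("!BBBBHH", 0x97, 0, 3, 42, 6, 72) + bytes(6 * 72)
TIME_QUERY = bytes([0x23]) + bytes(47)                                  # normal mode 3 query
SAMPLE = [(CLIENT, SERVER, TIME_QUERY), (CLIENT, SERVER, REQUEST)] + \
         [(SERVER, CLIENT, RESPONSE)] * 100                             # 100 x 6 = 600 entries

if __name__ == "__main__":
    for client, s in summarize(SAMPLE).items():
        print(client, s, f"amplification x{amplification(s):.0f}")
```

A client address that receives far more monlist reply bytes than it ever sent in requests, as in the sample, is the pattern a reflector operator should alert on, since the "client" is likely the spoofed victim.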

In January, the United States Computer Emergency Readiness Team (US-CERT) was moved to put out a warning about such NTP amplification attacks and the technique was used to take down a number of gaming services last December, including Steam, League of Legends and Battle.net.

Admins could do the world a favour by implementing a patch and upgrading their NTP servers, as the latest release addresses the issue. The NTP technique is similar to the one used in the Spamhaus attacks of last year, when open DNS servers were exploited for amplification. Two sites have been set up to monitor the use of vulnerable DNS and NTP servers – openresolverproject.org and openntpproject.org.


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
