One of the biggest distributed denial of service (DDoS) attacks ever recorded hit European networks yesterday, according to content delivery network CloudFlare.
Few details about the attack have emerged, but CloudFlare, which is still investigating, said it was probably close to 400Gbps. The previous record DDoS attack, which the firm revealed last year, measured just over 300Gbps and targeted anti-spam outfit Spamhaus.
“[It was] very big. Larger than the Spamhaus attack from last year. Volume based so congesting at Layer 3 in some parts of Europe. Hitting our network globally but no big customer impact outside of Europe.”
Prince said one customer had been targeted again, but this time he could not reveal who.
Akamai, another major content delivery network and DDoS mitigation firm, said it had no insight into the attack.
French hosting firm OVH has also said on Twitter that it experienced an attack of over 350Gbps.
The attackers used an increasingly common technique amongst DDoSers, which involves exploiting the UDP-based Network Time Protocol (NTP). That protocol is normally used to sync clocks on machines, but attackers have discovered they can exploit a weakness that allows them to query an NTP server about connected clients and their traffic counts.
By spoofing an IP address, attackers can make it appear that a target is making these queries, which use the “monlist” command. The NTP server sends back a list of the last 600 IP addresses which connected to it, so each small request draws a much larger reply, and when these requests are made en masse the traffic arriving at the target can be overwhelming.
In January, the United States Computer Emergency Readiness Team (US-CERT) was moved to put out a warning about such NTP amplification attacks, and the technique was used to take down a number of gaming services last December, including Steam, League of Legends and Battle.net.
Admins could do the world a favour by implementing a patch and upgrading their NTP servers, as the latest release addresses the issue. The NTP technique is similar to the one used in the Spamhaus attacks of last year, when open DNS servers were exploited for amplification. Two sites have been set up to monitor the use of vulnerable DNS and NTP servers – openresolverproject.org and openntpproject.org.
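One way an admin could check an ntp.conf for the monlist exposure described above, as an added example that is not code from this article or from the NTP project. It assumes the standard ntpd directives `disable monitor` and `restrict ... noquery` as the configuration-side mitigation (the article itself only mentions patching and upgrading), and the sample configs are constructed.

```python
def audit_ntp_conf(text):
    """Report whether an ntp.conf still lets arbitrary clients send status queries."""
    monitor_disabled = False
    noquery = {"ipv4": False, "ipv6": False}
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].lower().split()  # drop comments
        if len(tokens) < 2:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive in ("disable", "enable") and "monitor" in args:
            monitor_disabled = directive == "disable"  # last setting wins
        elif directive == "restrict":
            # Assumption of this auditor: a bare "restrict default" is credited
            # to IPv4 only, so IPv6 needs its own "restrict -6 default" line.
            # This errs on the side of flagging a config.
            family = "ipv4"
            if args[0] in ("-4", "-6"):
                family = "ipv6" if args[0] == "-6" else "ipv4"
                args = args[1:]
            if args and args[0] == "default":
                noquery[family] = bool({"noquery", "ignore"} & set(args[1:]))
    open_families = [fam for fam, closed in noquery.items() if not closed]
    return {
        "monitor_disabled": monitor_disabled,
        "open_families": open_families,
        "exposed": not monitor_disabled and bool(open_families),
    }

# Constructed sample configs, not taken from any real server.
WEAK = """
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
# disable monitor
restrict default nomodify notrap   # status queries are still answered
restrict 127.0.0.1
"""
HARDENED = """
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
"""
IPV4_ONLY = "restrict default nomodify noquery\n"
MONITOR_OFF = "disable monitor\nrestrict default nomodify\n"

if __name__ == "__main__":
    for name in ("WEAK", "HARDENED", "IPV4_ONLY", "MONITOR_OFF"):
        print(name, audit_ntp_conf(globals()[name]))
```

A config that passes this check can still be running a release that needs the upgrade the article recommends, so treat the result as one signal alongside the installed version.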