Security experts confirmed that a content delivery network provider was recently hit by the largest denial of service attack in the world. The attackers used a Network Time Protocol (NTP) Reflection attack that exploited a flaw in the way that the Internet works to greatly amplify small and ineffective assaults.
The victim of the attack was CloudFlare, a company that is itself meant to protect websites and providers from DDoS attacks. Thus far it is not clear how many sites and users were affected, but one of the networking hosts located in France reported a 350Gbps DDoS attack during the assault.
According to CloudFlare's CEO, the attack tipped 400Gbps, which is at least 100Gbps larger than the previous record DDoS attack. The latter used DNS reflective amplification. CloudFlare claimed that “someone’s got a big, new cannon” and sadly suggested that this attack was the “start of ugly things to come”.
In the meantime, the attackers' use of NTP has become a huge headache for security experts trying to find out who was responsible. The problem is that the initial requests which kick off the attack are spoofed: they carry the victim's address as their source, so the NTP servers send their much larger replies to the victim. If an attacker sends 100Mbps of spoofed NTP traffic, it can cause up to 5.8Gbps of malicious traffic to strike the spoofed target.
Security experts also point out that early versions of the attack have already taken down game streaming servers, which were used by professional gamers for EA and League of Legends. Although DDoS protection services can help to mitigate the impact of an NTP DDoS attack, security specialists say that administrators have to correct the configuration mistakes themselves in order to squash the attack vector. The experts say that all it takes to stem the flow of NTP-based DDoS is the simplest of configuration changes to firewalls and NTP servers. However, sorting this out seems to be beyond many administrators.
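As an illustration of the NTP server side of those configuration changes, the following added example (not from the article or from CloudFlare) audits an ntpd configuration for settings that leave the server usable as a reflector. The article does not name specific settings; the `noquery` restriction and `disable monitor` are standard ntpd directives chosen here, and both sample configurations are constructed.

```python
"""Audit ntpd configuration text for settings that let it act as a reflector."""

SAMPLE_WEAK = """\
# constructed sample: answers status queries from any address
server 0.pool.ntp.org iburst
restrict default kod nomodify notrap
restrict 127.0.0.1
"""

SAMPLE_HARDENED = """\
# constructed sample: serves time only, refuses remote status queries
server 0.pool.ntp.org iburst
disable monitor
restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""

def audit_ntp_conf(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    default_flags = {"ipv4": None, "ipv6": None}
    monitor_disabled = False
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenise
        if not tokens:
            continue
        if tokens[0] == "disable" and "monitor" in tokens[1:]:
            monitor_disabled = True
        elif tokens[0] == "restrict":
            args = tokens[1:]
            family = None
            if args and args[0] in ("-4", "-6"):
                family = "ipv4" if args[0] == "-4" else "ipv6"
                args = args[1:]
            if args and args[0] == "default":
                # Assumption: a plain 'restrict default' covers both families.
                for fam in ([family] if family else ["ipv4", "ipv6"]):
                    default_flags[fam] = set(args[1:])
    findings = []
    for fam, flags in default_flags.items():
        if flags is None:
            findings.append(f"{fam}: no 'restrict default' line, queries unrestricted")
        elif "ignore" not in flags and "noquery" not in flags:
            findings.append(f"{fam}: default restriction lacks 'noquery'")
    if not monitor_disabled:
        findings.append("monitoring facility enabled (no 'disable monitor')")
    return findings
```

The explicit `restrict 127.0.0.1` line keeps local status queries working while remote ones are refused by the default rule.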