CloudFlare, a US website protection provider, reported a massive distributed denial of service (DDoS) attack hitting their systems on Monday.
According to itnews, the attack is the largest DDoS attack recorded so far. Matthew Prince, co-founder and CEO of CloudFlare, said the attack flooded the company with over 400Gbps of traffic at one point; that's 100Gbps more than the largest recorded attack in March of 2013. It's unknown how many of CloudFlare's clients have been affected by the attack at this time.
Part of the reason this attack was so powerful is probably the use of a Network Time Protocol (NTP) exploit sometimes used in DDoS attacks. Black Lotus, a DDoS protection service provider, stated in a recent report that the magnitude of a DDoS attack could be multiplied by 58.5 when using the NTP exploit.
NTP-based DDoS attacks take advantage of the "monlist" command. "Monlist is a remote command in older version of NTP that sends the requester a list of the last 600 hosts who have connected to that server," according to Symantec. "For attackers the monlist query is a great reconnaissance tool. For a localized NTP server it can help to build a network profile. However, as a DDoS tool, it is even better because a small query can redirect megabytes worth of traffic."
Allowing a computer to become part of an NTP DDoS attack is fairly easy because NTP is not something many people pay attention to. Symantec makes sure to point this out and offers two solutions:
- The monlist query is only present in older versions of NTP, so an update would eliminate the exploit.
- A user may also manually start the NTP daemon in noquery mode, which prevents access to modes where the monlist command is present.
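For the second mitigation, an added example (not from Symantec or the original article): a short Python audit that flags `restrict default` lines in an ntp.conf that lack ntpd's `noquery` (or `ignore`) flag. Both sample configurations are constructed for illustration.

```python
# Added example: audit ntp.conf text for default restrict lines that still allow queries.
SAMPLE_WEAK = """\
# constructed sample: IPv4/any default still answers ntpq/ntpdc-style queries
driftfile /var/lib/ntp/drift
restrict default nomodify notrap
restrict -6 default nomodify notrap noquery
restrict 127.0.0.1
server 0.pool.ntp.org iburst
"""

SAMPLE_HARDENED = """\
# constructed sample: queries refused by default, localhost left unrestricted
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server 0.pool.ntp.org iburst
"""

# Either flag stops the daemon from answering remote query packets.
BLOCKS_QUERIES = {"noquery", "ignore"}

def audit_ntp_conf(text):
    """Return (line_no, message) findings for 'restrict default' entries."""
    findings, saw_default = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if not tokens or tokens[0] != "restrict":
            continue
        args, family = tokens[1:], "any"
        if args and args[0] in ("-4", "-6"):     # optional address-family prefix
            family, args = args[0], args[1:]
        if not args or args[0] != "default":     # host-specific lines are skipped
            continue
        saw_default = True
        if not BLOCKS_QUERIES & set(args[1:]):
            findings.append((no, f"restrict default ({family}) lacks noquery"))
    if not saw_default:
        findings.append((0, "no 'restrict default' line; this file does not restrict queries"))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_ntp_conf(conf) or "ok")
```
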
In 2013, it seemed that DDoS attacks were on the rise. According to a mid-year report by NSFOCUS, one major DDoS attack occurred every two days between the months of January and June. In addition, out of a total of 168,459 DDoS attacks, 1.29 common attacks took place every two minutes. "Hacktivism" seemed to be the most popular motive for the observed attacks, accounting for 91.1 percent of recorded attacks, while attacks on businesses came in second at 4.4 percent.