Content delivery network CloudFlare reported that one of its clients was hit by the biggest distributed denial of service (DDoS) attack ever seen in the European network. The attack was close to 400Gbps in size, making it bigger than the DDoS attack against anti-spam outfit Spamhaus, which last year measured an attack at just over 300Gbps.
CloudFlare couldn’t reveal the identity of the customer who was attacked; however, the DDoS attack posed a bigger threat to European networks, with French hosting outfit OVH reporting an attempted attack of 350Gbps. It is not known whether these attacks are by the same organisation.
CloudFlare’s CEO Matthew Prince reported the news on Twitter saying “someone’s got a big, new cannon” and the attack was the “start of ugly things to come”.
The attacker used a Network Time Protocol (NTP) server to exploit a weakness in the UDP-based NTP, which synchronises the clocks of machines connected to the internet. Next the hackers spoofed the IP address of the target and sent DNS queries to open DNS resolvers that answer requests from anywhere. This resulted in overwhelming levels of traffic going to the NTP server.
Martin McKeay, senior security advocate at Akamai Technologies, said “At 400Gbps, it’s conceivable that the attack is being run by a small botnet outputting 20Gbps to 30Gbps of traffic,” and has advised many IT administrators to patch and upgrade their NTP servers and check their management rights.
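For administrators checking whether their own NTP server is being used as a reflector in the way described above, the following added example (not from CloudFlare, Akamai or the original article) compares bytes received from each client with bytes sent back to it on UDP port 123 and flags clients with a large imbalance. The flow-record layout, the server address, the sample data and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

NTP_PORT = 123  # NTP runs over UDP port 123

# Hypothetical address of the NTP server being monitored.
SERVER = "192.0.2.10"

# Constructed flow records, not real traffic:
# (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    # Ordinary client: small request, small reply.
    ("198.51.100.7", 40001, SERVER, NTP_PORT, 76),
    (SERVER, NTP_PORT, "198.51.100.7", 40001, 76),
    # Busy but balanced client (for example a downstream time server).
    ("198.51.100.20", 123, SERVER, NTP_PORT, 150_000),
    (SERVER, NTP_PORT, "198.51.100.20", 123, 150_000),
    # "Client" whose address is spoofed: few bytes in, many bytes out.
    ("203.0.113.50", 80, SERVER, NTP_PORT, 2_000),
    (SERVER, NTP_PORT, "203.0.113.50", 80, 400_000),
]


def reflection_suspects(flows, server, min_ratio=10.0, min_bytes=100_000):
    """Return {client_ip: bytes_out / bytes_in} for clients that received
    at least min_bytes from the server at min_ratio times what they sent.
    Both thresholds are assumed values; tune them to local traffic."""
    bytes_in = defaultdict(int)   # client -> bytes sent to the server
    bytes_out = defaultdict(int)  # client -> bytes the server sent back
    for src, sport, dst, dport, nbytes in flows:
        if dst == server and dport == NTP_PORT:
            bytes_in[src] += nbytes
        elif src == server and sport == NTP_PORT:
            bytes_out[dst] += nbytes

    suspects = {}
    for client, sent in bytes_out.items():
        received = bytes_in.get(client, 0)
        # Replies with no recorded request count as an unbounded ratio.
        ratio = sent / received if received else float("inf")
        if sent >= min_bytes and ratio >= min_ratio:
            suspects[client] = ratio
    return suspects


if __name__ == "__main__":
    for ip, ratio in reflection_suspects(SAMPLE_FLOWS, SERVER).items():
        print(f"{ip}: server sent {ratio:.0f}x the bytes it received")
```

A flagged address is most likely the victim of the spoofing rather than its source, so the useful response is on the server side: patching, upgrading and restricting who may query it.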