New NTP Denial of Service Attack

The CEO of CloudFlare has recently reported a new denial of service attack flooding the Internet using the Network Time Protocol.  He reports that the attack has been generating packet data at a rate of over 400Gbps.

What is intriguing about the attack reported by CloudFlare is its strategy. A DDoS attack overwhelms the target’s web servers with more traffic than their routing equipment can handle, and both this attack and the Spamhaus attack seem to have used a “reflection and amplification” method to achieve this damaging effect.

In the case of the Spamhaus attack, the attackers spoofed the IP address of the target and sent out Domain Name System (DNS) queries.

The attackers purposely made queries that would generate much larger response messages and, since they were posing as their target, the unsuspecting victim would unexpectedly have lots of data flung at it, intensified by the large number of machines hijacked by the attacker and used to send out these damaging messages.

This brand-new attack uses a comparable mechanism, only it does not exploit poorly configured DNS servers. Rather, it uses Network Time Protocol (NTP) servers, the service your computer periodically checks to find the current time. This is similar to the strategy used to attack a bunch of large online gaming services in January 2014.
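From the receiving end, a reflected flood shows up as NTP replies that the victim never asked for, arriving from many servers at once. The sketch below is an added example, not part of the original article: it scans constructed flow records for unsolicited UDP/123 responses, and the record layout, addresses, time window and reflector threshold are all assumptions.

```python
from collections import defaultdict

NTP_PORT = 123
WINDOW = 5.0  # assumed: seconds a genuine reply may trail its request

# Constructed sample flows: (time, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    (0.0, "203.0.113.10", 40000, "192.0.2.1", 123, 76),    # real client query
    (0.1, "192.0.2.1", 123, "203.0.113.10", 40000, 76),    # solicited reply
    (1.0, "198.51.100.5", 123, "203.0.113.10", 51000, 468),
    (1.0, "198.51.100.6", 123, "203.0.113.10", 51000, 468),
    (1.1, "198.51.100.5", 123, "203.0.113.10", 51000, 468),
    (1.2, "198.51.100.7", 123, "203.0.113.10", 51000, 468),
    (2.0, "192.0.2.1", 123, "203.0.113.20", 40001, 76),    # lone stray reply
]


def find_reflection_victims(flows, min_reflectors=3):
    """Return {victim_ip: (distinct_reflectors, unsolicited_bytes)}."""
    # Pass 1: remember when each host really queried each NTP server.
    requests = defaultdict(list)  # (client, server) -> request times
    for ts, src, sport, dst, dport, size in flows:
        if dport == NTP_PORT:
            requests[(src, dst)].append(ts)

    # Pass 2: count replies from port 123 with no matching recent request.
    stats = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for ts, src, sport, dst, dport, size in flows:
        if sport != NTP_PORT or dport == NTP_PORT:
            continue  # not a server-to-client reply (skips symmetric mode)
        asked = requests.get((dst, src), [])
        if any(0 <= ts - t <= WINDOW for t in asked):
            continue  # the destination asked for this reply
        stats[dst]["reflectors"].add(src)
        stats[dst]["bytes"] += size

    # Many servers answering one host unprompted is the reflection pattern.
    return {
        victim: (len(s["reflectors"]), s["bytes"])
        for victim, s in stats.items()
        if len(s["reflectors"]) >= min_reflectors
    }


if __name__ == "__main__":
    for victim, (count, size) in find_reflection_victims(FLOWS).items():
        print(f"{victim}: {count} reflectors, {size} unsolicited bytes")
```
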