Events, news, technologies and products about cyber security
Friday, February 14, 2014
[scmagazine] Arbor Networks observes several large NTP-based DDoS attacks
Arbor Networks announced on Friday that it observed several large NTP-based distributed denial-of-service (DDoS) attacks this week, including one on Monday that peaked at 325 gigabytes per second.
The unknown targets in the Monday attack were located in France, Kirk Soluk, threat intelligence and response manager at Arbor Networks, told SCMagazine.com in a Friday email correspondence.
Since Monday, Arbor Networks observed at least four more attacks – against targets in France – that exceeded 100 gigabytes per second, according to Soluk, who explained that an attack on Feb. 13 peaked at 266 gigabytes per second.
The attacks appear to have nothing to do with the country of France, in particular, but rather the targets located in France, Soluk said, adding Arbor Networks does not know exactly who was targeted.
The Friday announcement comes days after CloudFlare announced that it had fought off a massive NTP reflection DDoS attack that peaked at nearly 400 gigabytes per second. In that instance, the outward effects of the attack were said to have been felt most in Europe.
When asked why he thought these types of high-impact DDoS attacks are on the rise, Soluk said it is due in part to the “arms race” nature of security.
“Attackers will always be looking to up the ante and circumvent existing defenses,” Soluk said. “Additionally, by their nature, [NTP-based] reflection/amplification attacks are designed to cause high impact with little effort. There are numerous UDP-based protocols that can be abused this way to achieve this result – NTP is only one of them. Hackers have been successful with them lately and so others are jumping on the bandwagon.”
NTP stands for Network Time Protocol, which computers use to set clocks accurately, and an NTP reflection attack involves sending large amounts of data based on short requests, according to a blog post by John Graham-Cumming, a programmer with CloudFlare.
In the Friday post, Soluk went into detail on some methods to defend against various types of DDoS attacks, such as using anti-spoofing technologies.