A company that is supposed to protect against DDoS (distributed denial-of-service) attacks just suffered what appears to be the largest one ever. According to IT News, CloudFlare, a content delivery network and security provider, said that the attack reached over 400 Gbps at its peak, 100 Gbps more than the previous record.
The attackers appear to have used an increasingly popular method called NTP (Network Time Protocol) Reflection, which abuses servers that speak the time-synchronization protocol to greatly amplify the attack. According to security vendor Black Lotus, “100Mbps of spoofed NTP traffic can cause 5.8Gbps of malicious traffic to strike the spoofed target.” NTP Reflection attacks also conceal who the attackers are because the initial requests are spoofed.
CloudFlare CEO Matthew Prince is taking the attack in stride but appears worried about this new form of attack. On Twitter, he called NTP Reflection attacks “really nasty” and said, “someone’s got a big, new cannon. Start of ugly things to come.”
CloudFlare published a blog post last month with details about how NTP Reflection attacks work. The post offers advice on how to avoid such an attack, so it’s interesting that CloudFlare wasn’t able to avoid one itself.