Spike in DDoS attack size driven by NTP misuse
Posted on 29 April 2014.
The beginning of 2014 saw 1.5 times the number of attacks over 20GB/sec, compared to the rest of 2013, according to new stats released by Arbor Networks today.


At the Infosecurity Europe 2014, the company released global DDoS attack data derived from its ATLAS threat monitoring infrastructure, which shows an unprecedented spike in volumetric attacks, driven by the proliferation of NTP reflection/amplification attacks.

NTP is a UDP-based protocol used to synchronize clocks over a computer network. Any UDP-based service including DNS, SNMP, NTP, chargen, and RADIUS is a potential vector for DDoS attacks because the protocol is connectionless and source IP addresses can be spoofed by attackers who have control of compromised or ‘botted’ hosts residing on networks which have not implemented basic anti-spoofing measures.

NTP is popular due to its high amplification ratio of approximately 1000x. Furthermore, attacks tools are becoming readily available, making these attacks easy to execute.

ATLAS is a collaborative partnership with nearly 300 service provider customers who share anonymous traffic data with Arbor in order to deliver a comprehensive, aggregated view of global traffic and threats. ATLAS collects 80TB/sec of traffic and provides the data for the Digital Attack Map, a visualisation of global attack traffic created by Google Ideas.

NTP attacks highlights
  • Average NTP traffic globally in November 2013 was 1.29 GB/sec, by February 2014 it was 351.64 GB/sec
  • NTP was used in 14% of DDoS events overall but 56% of events over 10 GB/sec and 84.7% of events over 100 GB/sec
  • US, France and Australia were the most common targets overall
  • US and France were the most common targets of large attacks.
“Arbor has been monitoring and mitigating DDoS attacks since 2000. The spike in the size and frequency of large attacks so far in 2014 has been unprecedented,” said Arbor Networks Director of Solutions Architects Darren Anstee. “These attacks have become so large, they pose a very serious threat to Internet infrastructure, from the ISP to the enterprise.”






Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //