New DDoS attack breaks Spamhaus records

D-Day for DDoS


A recent DDoS attack has been confirmed as the largest in history, 33 per cent bigger than the attack on Spamhaus in 2013.

The attack on February 10 against web hosting firm OVH, one of CloudFlare's customers, peaked at 400Gb/s, 100Gb/s more than the previous holder of the DDoS crown.

The technique employed, called NTP reflection, involved sending small monlist queries to open Network Time Protocol (NTP) servers and tricking them into thinking the queries originated from the company being targeted. The result was a flood of larger monlist responses coming back, which overwhelms the target's servers.

Matthew Prince, CEO of CloudFlare, tweeted: "someone's got a big, new cannon. Start of ugly things to come."

Vulnerable

In early January US-CERT outlined an NTP vulnerability in all versions of NTPD prior to 4.2.7. It recommended upgrading to a newer version immediately, or alternatively disabling the monitor functionality of earlier versions.
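A small audit for the US-CERT advice above, added here as an example (not code from US-CERT or the article): it flags an ntpd older than 4.2.7 whose ntp.conf leaves the monitor facility on. The function names and sample configurations are constructed; it assumes the last `enable`/`disable monitor` directive wins, and it does not evaluate `restrict`-based query controls.

```python
import re

FIXED = (4, 2, 7)  # threshold as stated in the article: versions prior to 4.2.7

def parse_version(banner):
    """Pull (major, minor, patch) out of a string such as 'ntpd 4.2.6p5'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no version number in %r" % banner)
    return tuple(int(part) for part in m.groups())

def monitor_findings(conf_text):
    """Return (disabled, limited_lines) for the text of an ntp.conf."""
    disabled, limited_lines = False, []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop comments, tokenise
        if not words:
            continue
        if words[0] in ("disable", "enable") and "monitor" in words[1:]:
            disabled = words[0] == "disable"  # assumption: last directive wins
        elif words[0] == "restrict" and "limited" in words[1:]:
            limited_lines.append(number)  # 'limited' keeps monitoring active
    return disabled, limited_lines

def audit(banner, conf_text):
    """Return (needs_action, reason) for one server."""
    if parse_version(banner) >= FIXED:
        return False, "version is not prior to 4.2.7"
    disabled, limited_lines = monitor_findings(conf_text)
    if not disabled:
        return True, "old ntpd without 'disable monitor'"
    if limited_lines:
        where = ", ".join(str(n) for n in limited_lines)
        return True, "'restrict ... limited' on line %s re-enables monitoring" % where
    return False, "old ntpd, monitor disabled"

# Constructed sample configurations (not taken from any real host).
SAMPLE_OPEN = "server 0.pool.ntp.org iburst\nrestrict default kod nomodify notrap nopeer\n"
SAMPLE_FIXED = SAMPLE_OPEN + "disable monitor  # US-CERT workaround\n"
SAMPLE_LIMITED = "restrict default limited kod nomodify\ndisable monitor\n"

if __name__ == "__main__":
    for name, conf in [("open", SAMPLE_OPEN), ("fixed", SAMPLE_FIXED),
                       ("limited", SAMPLE_LIMITED)]:
        print(name, audit("ntpd 4.2.6p5", conf))
```

The `limited` case matters because ntpd uses the monitor facility for rate limiting, so a `restrict` line with that flag keeps monitoring active even when `disable monitor` is present.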

"This record setting attack is certainly cause for concern, and most likely will not continue to hold the 'largest DDoS attack' title for long. DDoS attack motivations are wide ranging and unpredictable, meanwhile attack tools and the sophistication of the attacks continue to evolve. It's a volatile combination that can strike any Internet business at any moment," said Ashley Stephenson, CEO of Corero Network Security.

While CloudFlare was able to "largely mitigate" the attack, it reported that it was "big enough it caused problems even off our network." It had the most issues in Europe, where OVH is based.

Via InformationWeek