Attackers using new technique to bring down websites

Network Time gentlemen, please

Earlier this week a number of high-profile gaming services were taken down by distributed denial-of-service (DDoS) attacks that used a technique which, until recently, had rarely been seen in the wild: NTP reflection and amplification.

Instead of flooding the targeted services directly, an attack group calling itself DERP Trolling sent small requests, with the source address forged to be the victim's, to Internet-facing time-synchronisation servers running the Network Time Protocol (NTP). Each server answered with a response many times larger than the request and sent it to the victim rather than to the attacker, so the servers acted as reflectors that amplified the attack traffic.

Three times the effect

According to Black Lotus, NTP reflection accounted for about 69 per cent of all DDoS attack traffic by bit volume over the period it measured. The average size of these attacks was 7.3 gigabits per second, more than three times the average DDoS attack observed in December.

NTP servers let hosts synchronise their clocks to within small fractions of a second. Recently, the protocol's reference implementation was found to suffer from a condition that could be exploited by DoS attackers: older versions of ntpd answer the mode-7 "monlist" query, an 8-byte request, with a list of up to 600 recently seen clients, a response hundreds of times larger than the request. Because NTP runs over UDP, the request's source address can be forged, so an open server sends that response wherever the attacker points it. At the server the fix is to stop answering the query (the directives "disable monitor" or "restrict default noquery" in ntp.conf, or an upgraded ntpd). At the target, NTP-amplification attacks are easier to filter than many floods: the victim never asked these servers for anything, so unsolicited packets arriving from UDP port 123 can be rate-limited or dropped with little collateral damage, provided the replies to the site's own outbound NTP queries are left alone so its own time synchronisation keeps working.
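As an added example (not code from the article or from Black Lotus; the addresses, packet counts and flow records are constructed for illustration), the following Python builds the mode-7 monlist request and reply datagrams described above and runs a simple reflection check over constructed flow records. It flags hosts that receive far more monlist reply bytes than the request bytes claiming to come from them, and lists the servers that answered, while leaving ordinary mode-3/mode-4 time synchronisation alone.

```python
"""NTP mode-7 "monlist" reflection: build the datagrams and flag the pattern.

Added example, not code from the article or from Black Lotus. Addresses,
packet counts and the flow records below are constructed for illustration.
"""
import struct
from collections import defaultdict

NTP_PORT = 123
MODE_PRIVATE = 7          # NTP mode 7: implementation-specific control messages
IMPL_XNTPD = 3            # implementation code used by ntpd
REQ_MON_GETLIST_1 = 42    # request code for "monlist"
MONLIST_ENTRY_LEN = 72    # one entry of the monitor list
ENTRIES_PER_PACKET = 6    # entries per reply datagram assumed here (440-byte replies)

# Mode-7 header (8 bytes, network byte order):
#   byte 0: R(1) M(1) VN(3) MODE(3)    byte 1: A(1) SEQ(7)
#   byte 2: implementation             byte 3: request code
#   bytes 4-5: err(4) nitems(12)       bytes 6-7: mbz(4) size(12)
HDR = struct.Struct("!BBBBHH")


def build_monlist_request() -> bytes:
    """The 8-byte datagram an attacker sends (with a forged source address)."""
    b0 = (2 << 3) | MODE_PRIVATE            # version 2, mode 7, R=M=0 -> 0x17
    return HDR.pack(b0, 0, IMPL_XNTPD, REQ_MON_GETLIST_1, 0, 0)


def build_monlist_response(seq: int, more: bool, nitems: int = ENTRIES_PER_PACKET) -> bytes:
    """One datagram of a monlist reply: header plus nitems 72-byte entries (zeroed here)."""
    b0 = 0x80 | (2 << 3) | MODE_PRIVATE     # response bit set -> 0x97
    b1 = (0x80 if more else 0) | (seq & 0x7F)
    hdr = HDR.pack(b0, b1, IMPL_XNTPD, REQ_MON_GETLIST_1, nitems, MONLIST_ENTRY_LEN)
    return hdr + b"\x00" * (MONLIST_ENTRY_LEN * nitems)


def parse_mode7(payload: bytes):
    """Decode the mode-7 header; return None for anything that is not mode 7."""
    if len(payload) < HDR.size:
        return None
    b0, b1, impl, code, err_nitems, mbz_size = HDR.unpack_from(payload)
    if (b0 & 0x07) != MODE_PRIVATE:
        return None
    return {
        "response": bool(b0 & 0x80),
        "more": bool(b1 & 0x80),
        "seq": b1 & 0x7F,
        "impl": impl,
        "code": code,
        "nitems": err_nitems & 0x0FFF,
        "item_size": mbz_size & 0x0FFF,
    }


def analyze(flows, min_ratio: float = 10.0):
    """flows: (src_ip, src_port, dst_ip, dst_port, udp_payload) tuples.

    Returns (victims, reflectors): hosts receiving monlist replies worth at least
    min_ratio times the monlist request bytes claiming to come from them, and the
    servers that answered. A victim that never sent a request shows an
    amplification of inf, which is the usual view from the victim's own edge.
    """
    req_bytes = defaultdict(int)    # keyed by the (possibly forged) source address
    resp_bytes = defaultdict(int)   # keyed by the destination of the reply
    reflectors = set()
    for src, sport, dst, dport, payload in flows:
        p = parse_mode7(payload)
        if p is None or p["code"] != REQ_MON_GETLIST_1:
            continue                # ordinary mode-3/4 time sync is left alone
        if p["response"] and sport == NTP_PORT:
            resp_bytes[dst] += len(payload)
            reflectors.add(src)
        elif not p["response"] and dport == NTP_PORT:
            req_bytes[src] += len(payload)
    victims = {}
    for host, got in resp_bytes.items():
        sent = req_bytes.get(host, 0)
        ratio = got / sent if sent else float("inf")
        if ratio >= min_ratio:
            victims[host] = {"request_bytes": sent, "response_bytes": got, "amplification": ratio}
    return victims, reflectors


# Constructed sample: the attacker forges 203.0.113.10 (the victim) as the source of
# two 8-byte monlist requests; each open server answers the victim with full 440-byte
# datagrams. 192.0.2.5 is an ordinary NTP client and must not be flagged.
VICTIM, REFLECTOR_A, REFLECTOR_B, CLIENT = "203.0.113.10", "198.51.100.1", "198.51.100.2", "192.0.2.5"
SNTP_CLIENT_REQUEST = bytes([0x1B]) + b"\x00" * 47     # LI=0, VN=3, mode 3 (client)
SNTP_SERVER_REPLY = bytes([0x1C]) + b"\x00" * 47       # mode 4 (server)

SAMPLE_FLOWS = [
    (VICTIM, 40000, REFLECTOR_A, NTP_PORT, build_monlist_request()),
    (VICTIM, 40000, REFLECTOR_B, NTP_PORT, build_monlist_request()),
    (CLIENT, 50123, REFLECTOR_A, NTP_PORT, SNTP_CLIENT_REQUEST),
    (REFLECTOR_A, NTP_PORT, CLIENT, 50123, SNTP_SERVER_REPLY),
]
SAMPLE_FLOWS += [(REFLECTOR_A, NTP_PORT, VICTIM, 40000, build_monlist_response(i, i < 3)) for i in range(4)]
SAMPLE_FLOWS += [(REFLECTOR_B, NTP_PORT, VICTIM, 40000, build_monlist_response(i, i < 1)) for i in range(2)]

if __name__ == "__main__":
    victims, reflectors = analyze(SAMPLE_FLOWS)
    for host, stats in victims.items():
        print(f"{host}: {stats['response_bytes']} B of monlist replies for "
              f"{stats['request_bytes']} B of requests, x{stats['amplification']:.0f}")
    print("open monlist servers:", sorted(reflectors))
```

Run from the reflector's network, the check sees both the forged requests and the replies, so it reports the amplification factor and the servers that should have monlist disabled; run at the victim's edge it sees only unsolicited replies from UDP port 123, which is the signal to rate-limit or drop while leaving replies to the site's own outbound NTP queries alone.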

Black Lotus recommends that network operators follow several practices to blunt the effects of NTP attacks: using traffic policers to limit the amount of NTP traffic, implementing large-scale DDoS mitigation systems, or opting for service-based approaches that provide several gigabits of standby capacity for use during DDoS attacks. These measures absorb an attack at the target; the traffic stops at the source only when open NTP servers stop answering monlist queries and networks deploy ingress filtering (BCP 38) so that packets with forged source addresses cannot leave them.