Today, CloudFlare, a web company responsible for tracking global performance metrics, said it has detected the largest DDoS attack ever attempted, setting the record at a whopping 400 gigabits per second.
Although DDoS attacks are nothing new, this method of using vast botnets to overload servers has only relied on NTP systems since December of last year. NTP (Network Time Protocol) is most often used in common operating systems for services like updating the time or calendar, and had not been seen as part of a DDoS network before these last several attacks were launched.
The attack originated from various sources across multiple continents, and only marks the start of a very long winter for network analysts and IT specialists everywhere.
“According to Arbor Networks’ ninth Annual Worldwide Infrastructure Security Report (WISR) the size of attacks in 2013 eclipsed previous peaks by over 200 percent, with the largest reported attack at 309Gbps. Plus, multiple respondents reported attacks larger than 100Gbps — the previous largest attack size. At 325Gbps [this] attack was yet another new milestone. ATLAS also verifies this growth, with more than 8 times the number of attacks over 20Gbps tracked in 2013, as compared to 2012. Larger attacks are becoming more common and network operators need to ensure that they have the people, processes and infrastructure in place to handle large attack volumes before service, potentially for multiple customers, is impacted.”
As far as CloudFlare has been able to figure out, the botnet in this specific campaign was using 4,529 NTP servers, running on 1,298 separate networks.
To prevent your computer from being unexpectedly pulled into one of these plots, there are a few simple steps you can follow to make sure you don’t remain vulnerable to this type of hack. First, check whether your NTP server is easily exploitable through this online app, which automatically scans your settings and alerts you if anything looks out of the ordinary.
Second, verify that your network does not allow IP spoofing, which is the main resource that hackers are after when they go on these types of offensives.
While we can only speculate where the threshold for DDoS attacks exists, it’s amazing to see that we live in a time where so many different computers can remain vulnerable at once and only a few people out there are actively working on a cure.