Find a Question:
Dutch ntp servers abused by large DDoS attack on CloudFlare
In the DDoS attack on CloudFlare, reportedly the largest DDoS attack ever, also Dutch ntp servers. Through a vulnerability in the network time protocol ntp servers can be used by an attacker to increase its capacity.
In total more than 4500 ntp servers were in the DDoS attack, which was / s exceptionally large with 400Gbit abused. Of them were there at least twenty in the Netherlands and at least one in Belgium, according to an analysis published CloudFlare. The servers were hosted by Leaseweb clients, PCextreme, KPN and XS4ALL. UPC is also on the list of networks, but it seems that it is a foreign branch of that provider.
Due to the high bandwidth of the attack on Monday occurred in several parts of Europe internet problems, although CloudFlare says himself limited to have had. Troubled by the attack CloudFlare is a company that client websites protects against DDoS attacks and other types of overload. The attack would be directed to an unknown customer of the company.
It was an attack that ntp amplification was used. This may increase his attack power more than two hundred times an attacker. Due to spoof the IP address of the target and to send a request to a monlist ntp server supposedly from that IP address is a list of the last 600 IP addresses that have had the server to the specified ip contact address sent. The answer is thus 206 times greater than the request.
NTP amplification is possible because the request is made, that unlike TCP requires no handshake. Over UDP The network must allow the attacker to spoof IP addresses, something that according to the guidelines should not be. CloudFlare therefore calls on network administrators to create, if they have not already done so. Ip spoofing impossible
NTP amplification is similar to DNS amplification, which DNS servers are burned. Using spoofed IP addresses in the same way CloudFlare warns that amplification attacks are even more dangerous by the simple network management protocol, because the attacker can use to increase its attack. Capacity by a factor of 650 “We see that attackers are already experimenting,” says CloudFlare.
ddos ntp cloudflare
The ntp servers that were used in the attackViewing:-342
Tags: animals-that-have-gone-extinct-in-2013, chrome-cast-hacks, hack-chrome-cast, httptechn4all-comtechnology-gadgets-mobile-phonesunlock-android-phone-bypass-google-sign-in-bypass-pattern-lock-crack-samsung-pattern-lock-crack-google-sign-in-android, httptechn4all-comtechnology-gadgets-mobile-phonesunlock-android-phone-bypass-google-sign-in-bypass-pattern-lock-crack-samsung-pattern-lock-crack-google-sign-in-androidry, m-here-comredirect-html, nokia-normendi-feature, nvidia-gtx-765-gaming, nvidia-gtx-765-m, seagate-wireless-plus-hacks, synology-disk-station-5-0, techn4all, techn4all-com, test-com, ttt, woatsab
Answer this Question
You must be Logged In to post an Answer.
Not a member yet? Sign Up Now »
Star Points Scale
Earn points for Asking and Answering Questions!