World's largest DDoS strikes US, Europe
Source: iTnews austrilia
A content delivery network provider has today been hit by what appears to be the world's largest denial of service attack, in an assault that exploits an emerging and frightening threat vector.
The Network Time Protocol (NTP) Reflection attack exploits a timing mechanism that underpins a way the internet works to greatly amplify the power of what would otherwise be a small and ineffective assault.
US-based DDoS protection outfit CloudFlare was hit with the attacks after an unnamed customer was targeted.
It is unclear how many websites and users were affected, although at least one French networking host reported a 350Gbps DDoS attack during the assault.
CloudFlare chief executive Matthew Prince said the attack tipped 400Gbps, 100Gbps larger than the previous record DDoS attack which used DNS reflective amplification.
Read more: http://www.itnews.com.au/News/372033,worlds-largest-ddos-strikes-us-europe.aspx
lapfog_1
(29,191 posts)of course, anyone really serious about time accuracy uses something like this
http://www.ebay.com/itm/Symmetricom-Datum-TS2100-GPS-Tymserve-NTP-Time-Server-/161219112385?pt=COMP_EN_Servers&hash=item2589686dc1
a standalone time generator that uses multiple non-internet sources of time synch (radio broadcast, GPS signals, you own atomic clocK )
Ichingcarpenter
(36,988 posts)its on the same day as
'Today we fight back''
https://thedaywefightback.org/international/
bananas
(27,509 posts)Right, anyone really serious about time accuracy is going to jump on that!
lapfog_1
(29,191 posts)not this exact unit, but a new one like this.
Just pointing out that a local time server isn't really that expensive anymore and the source of the time signal (for most applications) is not something that can be DDoS'ed (at least by those doing traditional Internet based jamming technology).
Berlum
(7,044 posts)Orsino
(37,428 posts)Bits don't kill sites; people kill sites.
Renew Deal
(81,845 posts)The answer is they don't. It's hyperbole
cosmicone
(11,014 posts)It shows how much bandwidth was consumed by the attacks and this attack consumed the most bandwidth as compared to any previous attacks.
bananas
(27,509 posts)If you are a member of the general public:
How can I check my server? - run the command ntpdc -n -c monlist - If you see a response, your server may be used in attacks.
How can I fix my server, router or other device? You should upgrade tp NTP-4.2.7p26 or later. You can add disable monitor to your ntp.conf and restart your NTP process if on an earlier version. Also check out the Team Cymru Secure NTP Template - Also see NTP Bug #1532
The server should also not respond to loopinfo or iostats requests as well
We are sending one packet to every IP to test if it generates a NTP MONLIST MODE 7 response
If you are a member of the security community:
You can contact the ntp-scan /at/ puck.nether.net to obtain the raw data. It is available for re-use in your reporting.