Biggest Ever DDoS Attack in the History of the Internet


On February 10, 2013, the largest distributed denial-of-service (DDoS) attack ever recorded hit the headlines. It targeted one client of CloudFlare, a content delivery network company. The attack hit the company's data centres in Europe and the US, but only European traffic was affected. Matthew Prince, CloudFlare’s CEO, posted on Twitter that the attack measured more than 400 gigabits per second, making it the biggest DDoS attack ever recorded. Even though the method used in the attack wasn’t new, he warned of “ugly things to come.”

At 400 Gbps, this attack was 100 Gbps larger than the infamous Spamhaus cyber-assault recorded in March 2013, which had previously been branded the biggest attack ever recorded in the history of the internet.

Matthew Prince noted that the attack started to peak on Tuesday at midday. He stated that the traffic was distributed across the world but that the effects of this huge DDoS attack were mostly felt in Europe. CloudFlare spent a couple of hours trying to mitigate the attack, but it’s said that a large network in Europe had not been affected.

Although CloudFlare's CEO declined to identify the targeted client, citing the company’s confidentiality policies, Octave Klaba, the founder and CEO of a French Web hosting service, posted on Twitter that his company had been hit by a DDoS attack with more than 350 Gbps in bandwidth. It’s not clear whether it was the same attack experienced by CloudFlare.

The attack on CloudFlare used Network Time Protocol (NTP) reflection, a technique similar to the one used in the current attacks by a group known as DERP Trolling against gaming sites. NTP is used to synchronize the time settings of computers all over the internet. The attack made fraudulent synchronization requests to NTP servers, forcing them to respond with a flood of replies aimed at the targeted sites.

Reflection attacks have always been a foundation of botnets and DDoS tools, but the technique of using NTP in these attacks is quite new. The Spamhaus attack that happened last year, which had earlier set the record as the biggest ever DDoS attack, abused the Domain Name Service (DNS) protocol. This is a common approach that makes use of the internet's directory service: the attacker forges DNS lookup requests so that they appear to come from the intended target and sends them to scores of open DNS servers.

The traffic directed back at the target in response to these requests far exceeds the size of the requests sent to the DNS servers. This is why the technique is commonly known as a DNS amplification attack.

However, NTP sends back a relatively small amount of data in response to requests. Efforts have been made to prevent DNS amplification attacks by reducing the number of open DNS servers available to attackers. There are more than 3,000 active public time servers configured to respond to NTP requests, as well as additional time servers on smaller networks that may be open to requests from outside.

A recently discovered NTP vulnerability enables amplification attacks similar to the earlier DNS attack. It makes use of a protocol command known as “monlist”, which sends the IP addresses of the last 600 devices that connected to the server. These requests are sent in a packet that carries the victim’s forged address, so the server sends a torrent of data back to the targeted site. As with DNS reflection attacks, network operators can effectively mitigate NTP attacks by configuring their firewalls to block any external requests.
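To make the firewall advice concrete, here is an added example (not from the original article) of the decision a border filter makes for UDP port 123 traffic arriving from outside: it lets ordinary time requests through and drops external "monlist" queries. It is narrower than a blanket block, covers NTP mode 7 only, and the internal address range, sample addresses and sample packets are constructed assumptions.

```python
import ipaddress
from collections import Counter

MODE_PRIVATE = 7          # NTP mode 7: the ntpdc "private" mode that carries monlist
MONLIST_CODES = {20, 42}  # REQ_MON_GETLIST / REQ_MON_GETLIST_1 in ntpd's ntp_request.h
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: our own address space

def border_verdict(src_ip, payload):
    """Verdict for one UDP/123 datagram that arrived on the external interface."""
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in INTERNAL_NETS):
        return "drop-spoofed"    # an internal source cannot arrive from outside
    if len(payload) < 4:
        return "drop-malformed"  # too short to carry a mode 7 request code
    if payload[0] & 0x07 != MODE_PRIVATE:
        return "allow"           # ordinary time synchronisation, not mode 7
    is_response = bool(payload[0] & 0x80)   # top bit marks a mode 7 response
    if not is_response and payload[3] in MONLIST_CODES:
        return "drop-monlist"    # the query that triggers the oversized reply
    return "drop-private"        # other mode 7 traffic should not cross the border

def tally(packets):
    """Count verdicts over (source address, UDP payload) pairs."""
    return Counter(border_verdict(src, data) for src, data in packets)

# Constructed sample payloads (headers only, zero padded), not captured traffic.
TIME_REQUEST = bytes([0x23]) + bytes(47)                    # version 4, mode 3 client
MONLIST_QUERY = bytes([0x17, 0x00, 0x03, 0x2A]) + bytes(4)  # mode 7, request code 42
PEER_QUERY = bytes([0x17, 0x00, 0x03, 0x00]) + bytes(4)     # mode 7, request code 0

# Constructed sources from documentation address ranges.
SAMPLES = [
    ("198.51.100.7", TIME_REQUEST),
    ("203.0.113.9", MONLIST_QUERY),
    ("203.0.113.9", MONLIST_QUERY),
    ("10.1.2.3", MONLIST_QUERY),      # claims an internal source from outside
    ("203.0.113.20", PEER_QUERY),
    ("203.0.113.21", b"\x17"),        # truncated datagram
]

if __name__ == "__main__":
    for verdict, count in sorted(tally(SAMPLES).items()):
        print(f"{verdict:15} {count}")
```

Because the source address in a monlist query is the forged victim address, the verdict counts are more useful to an operator than the list of "offending" sources.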

