A massive DDoS attack hit EU- and US-based servers, with security companies reporting it to be even more powerful than last year’s Spamhaus attacks. While the method of the attack was not new, CloudFlare warned there are “ugly things to come.”
Only scant details about the attack were released by US-based web performance and security firm CloudFlare, which fought back against the distributed denial of service (DDoS) attack early Tuesday.
According to CloudFlare CEO Matthew Prince, the attack reached 400 gigabits per second in power – some 100Gbps higher than the notorious Spamhaus cyber-assault of March 2013 that at the time was branded the largest-ever attack in the history of the internet.
“[It was] very big. Larger than the Spamhaus attack from last year… Hitting our network globally but no big customer impact outside of Europe,” Prince was quoted as saying by TechWeekEurope blog.
Prince said one customer was initially targeted by the attack, but added that he would not disclose the customer’s identity.
Mitigating an attack causing some performance degradation in multiple locations
— CloudFlareStatus (@CloudFlareSys) February 11, 2014
What makes the recent attacks worse is the so-called “spoofing” of IP addresses of attackers, making it look as if the victim is actually generating those spam requests. The number of trash requests also skyrockets by “large” replies thrown back at the target from a number of servers “compromised” in the attack. For this reason, such tactics are often referred to as an “reflection and amplification” attack.
Back in January, the US Computer Emergency Readiness Team (US-CERT) issued a warning about such NTP amplification attacks after a number of prominent gaming services were brought down by them in December, including Steam, League of Legends and Battle.net.
While CloudFlare in its warning urged server administrators to patch and upgrade their NTP servers to solve the issue, it appears that few have since bothered to carry out these security measures.[RT]