The largest DDoS attack ever peaked at 400 Gbps
2022-06-30 02:07:00 【zy18165754120】
Reflection DDoS attacks use Internet infrastructure to amplify the traffic aimed at victims. The last major attack occurred last year against Spamhaus. It used "misconfigured" DNS servers and reportedly peaked at 300 Gbps. This one used the Network Time Protocol (NTP) and is believed to have reached 400 Gbps.
AlienVault research team engineer Eduardo de la Arada explained the method: "An NTP server is a server used to synchronize the system clock. One of the available requests is MON_GETLIST, which returns the addresses of up to 600 machines the NTP server has interacted with. So, for a small (234-byte) request, the server can respond with a large packet (more or less 48k). You can change the sender address to the target's address and send a large number of requests to multiple NTP servers; the traffic generated toward the target can be very large."
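Seen from the network that hosts an NTP server, the asymmetry described above shows up in flow data as replies far larger than the requests that triggered them. The following is an added example, not part of the original article: it flags (server, peer) pairs by that byte ratio, and the flow-record layout, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

NTP_PORT = 123

# Constructed flow records (documentation addresses, not real traffic):
# (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    # Ordinary client: request and reply are the same size.
    ("203.0.113.5", 51000, "192.0.2.10", 123, "udp", 76),
    ("192.0.2.10", 123, "203.0.113.5", 51000, "udp", 76),
    # Sizes from the article: 234-byte request, roughly 48k sent back.
    ("198.51.100.7", 40000, "192.0.2.10", 123, "udp", 234),
    ("192.0.2.10", 123, "198.51.100.7", 40000, "udp", 48000),
    # Non-NTP traffic is ignored.
    ("203.0.113.5", 51001, "192.0.2.10", 53, "udp", 60000),
]


def find_reflecting_servers(flows, min_ratio=10.0, min_reply_bytes=10_000):
    """Return {(server, peer): ratio} where NTP replies dwarf the requests.

    A high ratio toward one peer means the server is amplifying traffic
    toward that address, whether or not the peer really asked for it.
    """
    requests = defaultdict(int)   # bytes received by server from peer
    replies = defaultdict(int)    # bytes sent by server to peer
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        # Symmetric 123<->123 peering is skipped: direction is ambiguous.
        if dport == NTP_PORT and sport != NTP_PORT:
            requests[(dst, src)] += nbytes
        elif sport == NTP_PORT and dport != NTP_PORT:
            replies[(src, dst)] += nbytes

    findings = {}
    for pair, reply_bytes in replies.items():
        ratio = reply_bytes / max(requests.get(pair, 0), 1)
        if reply_bytes >= min_reply_bytes and ratio >= min_ratio:
            findings[pair] = round(ratio, 1)
    return findings


if __name__ == "__main__":
    for (server, peer), ratio in find_reflecting_servers(SAMPLE_FLOWS).items():
        print(f"{server} is sending {ratio}x more than it received from {peer}")
```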
Corero Network Security CEO Ashley Stephenson pointed out that this technique is not new. "In fact, this is a technique first discussed in a DDoS context in 2011, but in recent months it has often made headlines." Prince confirmed this. It is nothing new, "just a big NTP attack," he tweeted. But he also commented, "Someone has a new cannon. The scandal is about to begin."
The delay between discussion and careful implementation can be attributed to the need to find as many vulnerable servers as possible to reflect and amplify the traffic. Not all NTP servers are vulnerable to attack, so attackers have to scan the Internet to find them. "The more servers they collect," de la Arada explains, "the stronger the attack. Not all servers have this feature; it has been removed, so the attacker must scan the Internet to find versions earlier than 4.2.7." According to Prince, this attack, "based on the sampling data, seems to [involve] more than 4,500 misconfigured NTP servers."
Lancope chief technology officer Tim Keanini commented that the NTP problem has long been fixed, "but the problem is that people don't manage their services the way they should." "This fix has been around for a long time, and there are websites that test for these vulnerabilities for free, but the administrators of these servers still irresponsibly leave them unpatched and help attackers cause this type of damage. The Internet," he added, "is like a neighbor who likes to play with explosives in the next apartment."
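An administrator can check their own NTP servers for the condition described above before anyone else finds it. The following is an added example, not part of the original article: it uses the 4.2.7 threshold quoted above, plus the standard ntpd options `disable monitor` and `restrict default ... noquery`, which the article does not mention; host names, banners and configuration text are constructed, and the config parsing is deliberately simplified.

```python
import re

FIXED_VERSION = (4, 2, 7)  # threshold quoted in the article

# Constructed inventory: host -> (version banner, ntp.conf contents)
INVENTORY = {
    "ntp-a.example": ("ntpd 4.2.6p5", "server 0.pool.example\n"),
    "ntp-b.example": ("ntpd 4.2.6p5",
                      "restrict default kod nomodify notrap noquery\n"),
    "ntp-c.example": ("ntpd 4.2.4p8",
                      "# disable monitor\ndisable auth monitor\n"),
    "ntp-d.example": ("ntpd 4.2.8p15", "server 0.pool.example\n"),
    "ntp-e.example": ("unknown daemon", ""),
}


def parse_ntpd_version(banner):
    """Extract (major, minor, patch) from a banner, or None if absent."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None


def monitor_list_restricted(conf_text):
    """True if the config turns monitoring off or denies queries by default."""
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments
        if not words:
            continue
        if words[0] == "disable" and "monitor" in words[1:]:
            return True
        if (words[0] == "restrict" and "default" in words[1:3]
                and "noquery" in words):
            return True
    return False


def audit(inventory):
    """Classify each host: ok, old-but-restricted, exposed, unknown-version."""
    report = {}
    for host, (banner, conf) in inventory.items():
        version = parse_ntpd_version(banner)
        if version is None:
            report[host] = "unknown-version"
        elif version >= FIXED_VERSION:
            report[host] = "ok"
        elif monitor_list_restricted(conf):
            report[host] = "old-but-restricted"
        else:
            report[host] = "exposed"
    return report
```

Hosts reported as `old-but-restricted` still need the upgrade; the configuration only narrows the exposure until it happens.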
However, the worry now is whether this is just the beginning of a new season of DDoS attacks. "It seems that this attack (based on NTP) became popular during Christmas," de la Arada commented. "But updating a lot of NTP servers is just a matter of time; otherwise, attackers will find another reflection technique to improve their DDoS attacks."
"The reason these attacks are getting bigger is that the pipes are getting bigger," Keanini said. The larger the pipe, the bigger the attack. "Next year, I expect traffic to at least double per second."
Stephenson agreed that this new "record" won't last long. "The motives for DDoS attacks are broad and unpredictable, while the attack tools and the complexity of attacks are also evolving. This is an unstable combination that can hit any Internet business at any time." He thinks ISPs need to do more to protect their customers, "enhancing their network infrastructure and services by adding additional security layers, so that malicious traffic can be examined and inspected close to its source before it converges on the intended DDoS victim."