
CloudFlare, a company that provides various web services, including security-related ones, reported that it was the victim of an online attack that affected the company’s data centers in Europe and the USA. The DDoS attack exceeded 400 Gbps, making it the most massive ever recorded in the history of the Internet.
Almost a year ago, CloudFlare was called to defend Spamhaus, an organization that maintains a list of spammers for filtering, which was hit by an attack that generated a volume of online traffic never seen before. The attack CloudFlare has just suffered directly was even more massive and, according to CloudFlare’s CEO Matthew Prince, is a sign of ugly things to come.
Last year’s attack against Spamhaus used a technique called “DNS reflection”. The one carried out this week exploited a similar mechanism, called “NTP reflection”, which uses NTP servers instead of misconfigured DNS servers. NTP (Network Time Protocol) is used to synchronize the clocks of computers over a packet-switched network.
NTP is used by many desktop and server computers, and also by mobile phones, to keep their clocks synchronized, and it is ideal for DDoS attacks because the answer is much longer than the request. Basically, if the attacker sends a synchronization request to an NTP server with a spoofed source address, a much larger amount of data will be sent to that address.
According to Black Lotus, another company specializing in security services on the Internet, this type of attack can reach an amplification factor of 58.5. That means that if the attackers have 1 Gbit of bandwidth, they can direct traffic towards their victim that may reach 58.5 Gbit.
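The asymmetry described above is something an NTP server operator can look for in their own flow records. The following is an added example, not part of the original article: it totals bytes received from and sent to each peer on UDP port 123 and flags peers that get back far more than they asked for. The flow-record layout, the sample data and the thresholds are assumptions.

```python
from collections import defaultdict

NTP_PORT = 123

# Constructed sample flow records at an NTP server's network edge:
# (src_ip, src_port, dst_ip, dst_port, protocol, bytes).
# All addresses are documentation ranges; 192.0.2.10 is the NTP server.
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "192.0.2.10", 123, "udp", 48),   # ordinary request
    ("192.0.2.10", 123, "198.51.100.7", 40000, "udp", 48),   # ordinary reply
    ("203.0.113.5", 80, "192.0.2.10", 123, "udp", 234),      # small requests...
    ("192.0.2.10", 123, "203.0.113.5", 80, "udp", 13689),    # ...large replies
    ("198.51.100.9", 443, "192.0.2.10", 443, "tcp", 5000),   # not NTP, ignored
]


def amplification_by_peer(flows, server_ip):
    """Return {peer_ip: (bytes_in, bytes_out, ratio)} for the server's NTP traffic."""
    bytes_in = defaultdict(int)
    bytes_out = defaultdict(int)
    for src, sport, dst, dport, proto, size in flows:
        if proto != "udp":
            continue
        if dst == server_ip and dport == NTP_PORT:
            bytes_in[src] += size          # request arriving at the server
        elif src == server_ip and sport == NTP_PORT:
            bytes_out[dst] += size         # reply leaving the server
    stats = {}
    for peer in set(bytes_in) | set(bytes_out):
        received, sent = bytes_in[peer], bytes_out[peer]
        # A reply with no recorded request counts as unbounded amplification.
        ratio = sent / received if received else float("inf")
        stats[peer] = (received, sent, ratio)
    return stats


def suspected_reflection_targets(flows, server_ip, max_ratio=2.0, min_bytes_out=1000):
    """Peers that were sent at least min_bytes_out at more than max_ratio times
    what they sent in. Both thresholds are assumed values; tune them locally."""
    stats = amplification_by_peer(flows, server_ip)
    return sorted(peer for peer, (_, sent, ratio) in stats.items()
                  if sent >= min_bytes_out and ratio > max_ratio)


if __name__ == "__main__":
    for peer in suspected_reflection_targets(SAMPLE_FLOWS, "192.0.2.10"):
        print(peer, amplification_by_peer(SAMPLE_FLOWS, "192.0.2.10")[peer])
```

A flagged address is most likely the victim whose address was spoofed, not the sender of the requests, so the useful response is on the server side rather than blocking that peer.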
Last month, CloudFlare published an article about this type of attack that gives us tips on how to mitigate it. The basic precaution is to keep the software of an NTP server updated, which is what any conscientious administrator of any kind of server should always do.
There are always bad guys ready to strike, but on the Internet they often exploit the weaknesses of other people’s systems. This new attack demonstrates once again the importance of security, which is too often overlooked. The problem concerns servers, which may have a lot of bandwidth available and thus can be used as cannons, but also normal desktops, which can be used as “zombies” to generate attacks within botnets composed of thousands of insecure computers.