Network Time Protocol DDoS vuln only needs one bad apple.
In an "ugly" turn of events, a vulnerability in many NTP servers helps hackers deny service to others. Using a reflection attack, they managed to create 400 Gb/s of traffic to a single CloudFlare IP address. Presumably while cackling, "Amplify THIS!"
Do you run an NTP server? Have you made sure it's not vulnerable?
In IT Blogwatch, bloggers make like they're snow whiter than white. [You're fired -Ed.]
Your humble blogwatcher curated these bloggy bits for your entertainment.
Attackers abused insecure [NTP] servers to launch what appears to be one of the largest DDoS...attacks ever.
Matthew Prince, CloudFlare's CEO [said] "someone's got a big, new cannon." [It peaked] just shy of 400Gbps...larger than the one last March against Spamhaus...whose website was hit by a 300Gbps DDoS attack. The new attack [used] NTP reflection, which involves sending requests with spoofed source IP addresses...forcing [the] servers to return large responses to the spoofed addresses. ... [Reflection attacks] allow a relatively small query to generate a large response. ... In the case of DNS reflection...attackers could generate [8x] more traffic than they [send]. However, in the case of NTP and SNMP reflection it can be over 200x and 650x, respectively.
[It's] the "start of ugly things to come", it has been warned.
NTP is one of several protocols used within the infrastructure of the internet to keep things running smoothly. Unfortunately...most of these protocols were designed and implemented at a time when the prospect of malicious activity was not considered.
Back in January...US-CERT issued a warning about such...attacks after a number of prominent gaming services were brought down by them in December.
While CloudFlare in its warning urged server administrators to patch and upgrade...to solve the issue, it appears that few have since bothered.
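For the administrators the post asks about ("Do you run an NTP server?"), here is an added example, not code from the article or from the NTP project, that audits an ntpd configuration for the two controls that stop it answering the queries reflection abuses: `disable monitor` and a `restrict default` line carrying `noquery` (or `ignore`). Both sample configs and their server names are constructed placeholders.

```python
"""Audit an ntp.conf for the settings that keep ntpd from acting as a reflector.
Added example for this post, not code from the article or the NTP project."""

# Constructed sample of a permissive ntp.conf: only localhost is restricted,
# so any spoofed source on the internet gets full query access.
WEAK_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server 0.pool.example.invalid iburst
restrict 127.0.0.1
restrict ::1
"""

# The same file with the hardening directives added.  'disable monitor' turns
# off the monlist statistics that produce the oversized replies; 'noquery' on
# the default restrict line refuses mode 6/7 queries from every other source.
HARDENED_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server 0.pool.example.invalid iburst
disable monitor
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
"""

def parse_directives(conf: str) -> list[list[str]]:
    """Split a config into token lists, dropping comments and blank lines."""
    out = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            out.append(line.split())
    return out

def audit(conf: str) -> list[str]:
    """Return a list of findings; an empty list means the file passes."""
    directives = parse_directives(conf)
    findings = []
    if not any(d[0] == "disable" and "monitor" in d[1:] for d in directives):
        findings.append("'disable monitor' missing: monlist statistics are served")
    # Catch-all lines: 'restrict default ...' and 'restrict -6 default ...'
    defaults = [d for d in directives if d[0] == "restrict" and "default" in d[1:3]]
    if not defaults:
        findings.append("no 'restrict default' line: any source may query this server")
    for d in defaults:
        flags = set(d[d.index("default") + 1:])
        if not flags & {"noquery", "ignore"}:
            findings.append("'%s' lacks noquery/ignore: queries answered" % " ".join(d))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or ["ok"])
```

Run it against your real `/etc/ntp.conf` by reading the file into `audit()`; upgrading ntpd per the CloudFlare advice is still needed, since configuration only limits who can reach the vulnerable query path.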