A content delivery network provider has today been hit by what appears to be the world's largest denial of service attack, in an assault that exploits an emerging and frightening threat vector.
The Network Time Protocol (NTP) Reflection attack exploits a timing mechanism that underpins a way the internet works to greatly amplify the power of what would otherwise be a small and ineffective assault.
US-based DDoS protection outfit CloudFlare was hit with the attacks after an unnamed customer was targeted.
It is unclear how many websites and users were affected, although at least one French networking host reported a 350Gbps DDoS attack during the assault.
CloudFlare chief executive Matthew Prince said the attack tipped 400Gbps, 100Gbps larger than the previous record DDoS attack which used DNS reflective amplification.
Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year. Mitigating.
— Matthew Prince (@eastdakota) February 10, 2014
Cloudflare did not return a request for more information by the time of publication.
Prince said on Twitter "someone's got a big, new cannon" and the attack was the "start of ugly things to come".
The nature of the NTP attack means it could be difficult to ascertain the location or identity of attackers since the initial requests that kick off the attacks are spoofed.
Denial of service protection vendor Black Lotus published one of the first public reports on a NTP Reflection attack that amplified the traffic by a staggering factor of 58.5.
"For example, 100Mbps of spoofed NTP traffic can cause 5.8Gbps of malicious traffic to strike the spoofed target," the report read.
The power of the vector was demonstrated last month in attacks that took down gaming streaming servers used by professional gamers for EA and League of Legends.
In December, Symantec researchers reported "large scale" NTP reflection attacks across the web.
While DDoS protection services can help to mitigate the impact of NTP DDoS', security experts urge administrators to correct web configuration errors squashing the attack vector.
"It's best to stem the flow of NTP-based DDoS by making simple configuration changes to firewalls and NTP servers. Doing so makes the web safer for everyone," Cloudflare wrote in a report.
The US Computer Emergency Response Team has also listed mitigation recommendations, as has security firm Qualys.
The OpenNTPProject can help administrators determine if their servers are vulnerable.
