Recently a record-breaking distributed denial of service attack (DDos) was made on CloudFlare, an online company that operates a global content delivery network. The attack hit their data centres in both the US and Europe. The attack is the largest we have seen and exceeded 400 gigabits per second; this record makes it the largest DDos attack ever recorded.

How the attacks are carried out

The attack used Network Time Protocol (NTP) reflection, which uses similar techniques seen in the recent gaming attacks by a group called DERP trolling. The way the NTP is used is by synchronising the time settings on computers across the internet. Fraudulent synchronisations are then made to send requests to NTP servers that causes them to send back a flood of replies to the targeted sites. The attacked sites then get overloaded which can cause them to be taken offline as normal users are unable to access the site due to the heavy traffic.

DDoS Amplifies Attacks

The reason DDoS attacks can be amplified is due to the several protocols that can be abused to amplify DDoS attacks. NTP and two other types include DNS (domain name system) and SNMP (simple network management protocol) that can also be used. What all three protocols have in common is that they allow a small query to generate a much larger response, which is vulnerable to source IP spoofing. Attackers are able to generate eight times more traffic with DDNS reflection causing large responses from IP addresses.