Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Arbor Networks Reports Unprecedented Spike in DDoS Attack Size Driven by NTP Misuse

April 2014 by Arbor Networks

Arbor Networks Inc. released global DDoS attack data derived from its
ATLAS threat monitoring infrastructure. The data shows an unprecedented spike in
volumetric attacks, driven by the proliferation of NTP reflection/amplification
attacks.

NTP is a UDP-based protocol used to synchronize clocks over a computer network. Any
UDP-based service including DNS, SNMP, NTP, chargen, and RADIUS is a potential
vector for DDoS attacks because the protocol is connectionless and source IP
addresses can be spoofed by attackers who have control of compromised or ’botted’
hosts residing on networks which have not implemented basic anti-spoofing measures.
NTP is popular due to its high amplification ratio of approximately 1000x.
Furthermore, attacks tools are becoming readily available, making these attacks easy
to execute.

ATLAS is a collaborative partnership with nearly 300 service provider customers who
share anonymous traffic data with Arbor in order to deliver a comprehensive,
aggregated view of global traffic and threats. ATLAS collects 80TB/sec of traffic
and provides the data for the Digital Attack Map<http://www.digitalattackmap.com/> ,
a visualisation of global attack traffic created by Google Ideas.

NTP Attacks Highlights

* Average NTP traffic globally in November 2013 was 1.29 GB/sec, by February
2014 it was 351.64 GB/sec

* NTP was used in 14% of DDoS events overall but 56% of events over 10
GB/sec and 84.7% of events over 100 GB/sec

* US, France and Australia were the most common targets overall

* US and France were the most common targets of large attacks

"Arbor has been monitoring and mitigating DDoS attacks since 2000. The spike in the
size and frequency of large attacks so far in 2014 has been unprecedented," said
Arbor Networks Director of Solutions Architects Darren Anstee. "These attacks have
become so large, they pose a very serious threat to Internet infrastructure, from
the ISP to the enterprise."

NTP Resources:
Arbor Networks has covered the rise in NTP attacks extensively, providing a wide
range of data, research, analysis and best practices.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts