Slashdot Mirror

← Back to Stories (view on slashdot.org)

DDoS Larger Than the Spamhaus Attack Strikes US and Europe

Posted by Unknown on from the do-not-stare-directly-into-the-udp-packet dept.

mask.of.sanity writes "CloudFlare has been hit by what appears to be the world's largest denial of service attack, in an assault that exploits an emerging and frightening threat vector. The Network Time Protocol Reflection attack exploits a timing mechanism that underpins a way the Internet works to greatly amplify the power of what would otherwise be a small and ineffective assault. CloudFlare said the attack tipped 400Gbps, 100Gbps higher than the previous record DDoS attack which used DNS reflective amplification."

2 of 158 comments (clear)

  1. Why are network providers allowing FORGED packets by Anonymous Coward · · Score: 5, Insightful

    Serious question. why are network providers allowing FORGED packets to leave their networks?

  2. Re:And yet... by jawnah · · Score: 5, Insightful

    How, exactly, would you propose that this is done by carriers? You say that it would be obvious if someone were attempting a DDoS attack but that may not be true. One of the major issues with DDoS is that it doesn't require tremendous bandwidth on the client sides. There could be millions of those (and with the fact that everyone thinks they need 50Mbps home internet for their web surfing) and there's plenty of bandwidth available that could be limited to appear like legitimate traffic. It has been my experience that the best attacks against things involve greater quantities of remote hosts and less bandwidth than fewer hosts with more bandwidth.