DDoS Larger Than the Spamhaus Attack Strikes US and Europe
mask.of.sanity writes "CloudFlare has been hit by what appears to be the world's largest denial of service attack, in an assault that exploits an emerging and frightening threat vector. The Network Time Protocol Reflection attack exploits a timing mechanism that underpins a way the Internet works to greatly amplify the power of what would otherwise be a small and ineffective assault. CloudFlare said the attack tipped 400Gbps, 100Gbps higher than the previous record DDoS attack which used DNS reflective amplification."
Why are network providers allowing FORGED packets (Score:5, Insightful)
Serious question. Why are network providers allowing FORGED packets to leave their networks?
Re:And yet... (Score:3, Insightful)
The ISPs of the world keep letting this kind of crap happen.... It should be pretty obvious when someone is trying to DDoS a server. Even if they don't want to lose a "paying customer", simply cutting access to that server for x amount of time for that IP would be more than enough.
I understand where you're coming from but I think that may be a premature observation. I doubt this is just an attack against a single IP address. You should also remember that there comes a point where the incoming volume of traffic destined for the IP address(es) under attack overwhelms the upstream carriers prior to the null-routing of said addresses. The lower the null-route is set, the greater the chance for upstream impact. Mitigating heavy DDoS isn't always just a simple matter.
Re:And yet... (Score:5, Insightful)
Re: They need to get better at tracking these thin (Score:2, Insightful)
Our last inbound attack appeared to come from over 50 million very well spread out different IPs. Of course those are all spoofed IPs but either way you can't effectively block that many without blocking larger amounts of legit traffic.
Re: Why are network providers allowing FORGED pack (Score:4, Insightful)
Re:And yet... (Score:4, Insightful)
Which is going to be a great explanation to talk about on TV talk shows. Alongside of why ISPs cut off innocent people who are victims of a crime off the internet as an additional punishment, and what should be done about those evil ISPs.
All the while the person dumb enough to actually make that career-ending call enjoys his new career at a local fast food restaurant.