Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Security The Internet

DDoS Larger Than the Spamhaus Attack Strikes US and Europe 158

mask.of.sanity writes "CloudFlare has been hit by what appears to be the world's largest denial of service attack, in an assault that exploits an emerging and frightening threat vector. The Network Time Protocol Reflection attack exploits a timing mechanism that underpins a way the Internet works to greatly amplify the power of what would otherwise be a small and ineffective assault. CloudFlare said the attack tipped 400Gbps, 100Gbps higher than the previous record DDoS attack which used DNS reflective amplification."
This discussion has been archived. No new comments can be posted.

DDoS Larger Than the Spamhaus Attack Strikes US and Europe

Comments Filter:
  • by Anonymous Coward on Tuesday February 11, 2014 @01:33AM (#46215429)

    Serious question. why are network providers allowing FORGED packets to leave their networks?

  • Re:And yet... (Score:3, Insightful)

    by jawnah ( 1022209 ) on Tuesday February 11, 2014 @01:39AM (#46215443)

    The ISPs of the world keep letting this kind of crap happen.... It should be pretty obvious when someone is trying to DDoS a server. Even if they don't want to lose a "paying customer", simply cutting access to that server for x amount of time for that IP would be more than enough.

    I understand where you're coming from but I think that may be a premature observation. I doubt this is just an attack against a single IP address. You should also remember that there comes a point where the incoming volume of traffic destined for the IP address(es) under attack overwhelms the upstream carriers prior to the null-routing of said addresses. The lower the null-route is set, the greater the chance for upstream impact. Mitigating heavy DDoS isn't always just a simple matter.

  • Re:And yet... (Score:5, Insightful)

    by jawnah ( 1022209 ) on Tuesday February 11, 2014 @01:52AM (#46215497)
    How, exactly, would you propose that this is done by carriers? You say that it would be obvious if someone were attempting a DDoS attack but that may not be true. One of the major issues with DDoS is that it doesn't require tremendous bandwidth on the client sides. There could be millions of those (and with the fact that everyone thinks they need 50Mbps home internet for their web surfing) and there's plenty of bandwidth available that could be limited to appear like legitimate traffic. It has been my experience that the best attacks against things involve greater quantities of remote hosts and less bandwidth than fewer hosts with more bandwidth.
  • by Anonymous Coward on Tuesday February 11, 2014 @03:29AM (#46215747)

    Our last inbound attack appeared to come from over 50 million very well spread out different IPs. Of course those are all spoofed IPs but either way you can't effectively block that many without blocking larger amounts of legit traffic.

  • by DarwinSurvivor ( 1752106 ) on Tuesday February 11, 2014 @05:30AM (#46216073)
    Because it is VERY difficult to ascertain whether the source of an inbound packet is forged unless it is very obvious (like an IP that should be inside your network or on a private subnet). Outbound traffic on the other hand should almost always have a source IP that belongs to your assigned ranges (or configured private subnets).
  • Re:And yet... (Score:4, Insightful)

    by Luckyo ( 1726890 ) on Tuesday February 11, 2014 @07:17AM (#46216323)

    Which is going to be a great explanation to talk about on TV talk shows. Alongside of why ISPs cut off innocent people who are victims of a crime off the internet as an additional punishment, and what should be done about those evil ISPs.

    All the while the person dumb enough to actually make that career ending call enjoys his new career at local fast food restaurant.

When you make your mark in the world, watch out for guys with erasers. -- The Wall Street Journal