The network security provider Cloudflare has reported last night about a massive DDoS attack on one of its customers. That was a NTP Reflection attack, which should be greater than the attack happened in 2013. It was tweeted By Cloudflare CEO Matthew Prince. The attack on one of its customers was carried out with up to 400 gigabits per second on 11th Feb 2014, tweeted Cloudflare CEO Matthew Prince on the night of 11 February 2014.
He was thus greater than that on the Swiss company Spamhaus in March 2013, the Cloudflare, estimated this attack and described this as the most recent attack on the Internet. This time, the attackers did not use a DNS server, but used a so called NTP Reflection attack, which is done via the timer log. Cloudflare is known for its rigid formulations. Prince compared the DDoS attack on Spamhaus with a nuclear attack in his blog, which affected the whole Internet.
At peak times it was run around 2.5 terabits of data through the Internet nodes. The security company Cloudflare does not tell so far which customer is affected by the current attack . However, reported at least one major French provider was the victim of this DDoS attack. OVH - founder and owner Oles tweeted that the attack was carried out with up to 350 Gbps.
The reason behind the DDoS attack is not ascertain so far. A Reflective attack on NTP is a fairly new procedure to bog down networks. Instead of DNS server now a days NTP server is used on the Internet for such attacks. These servers provide detailed time information worldwide. The attackers use fake data packets and put it in the IP address of the victim as a source.
The NTP servers in turn respond automatically and send data back to the real IP address. First, the attacker can successfully hide. Attackers can also send small fake data packets to the server and get them to respond with large packets. This can be achieved with a small bandwidth and in turn the attack use wide bandwidth of the victim.