A large DDoS attack hit US- and Europe-based servers, and some are reporting that it was larger in scale than the attack last year known as Spamhaus. These attacks again used the Network Time Protocol (NTP) on compromised servers, with the attackers spoofing their IP addresses to masquerade as their victims. The exploit itself uses a weakness in NTP that allows a server to be queried about its connected clients and traffic; when such queries are sent in large volume, the responses can generate tremendous traffic. The spoofing of the IP addresses in this recent attack allowed the attacks to generate even more traffic than usual.
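The following Python example is added here and is not part of the original report: it shows how an operator could check flow records for one of their own NTP servers being used as a reflector, by comparing the bytes each peer sends to UDP port 123 with the bytes the server sends back. The flow tuple layout, the thresholds, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

NTP_PORT = 123

# Constructed flow records, not data from the reported attack:
# (src_ip, src_port, dst_ip, dst_port, proto, packets, bytes)
SAMPLE_FLOWS = [
    # Ordinary time sync: one request, one reply of the same size.
    ("198.51.100.7", 40112, "192.0.2.10", 123, "udp", 1, 76),
    ("192.0.2.10", 123, "198.51.100.7", 40112, "udp", 1, 76),
    # Queries whose source is spoofed as the victim: small in, large out.
    ("203.0.113.50", 80, "192.0.2.10", 123, "udp", 20, 1000),
    ("192.0.2.10", 123, "203.0.113.50", 80, "udp", 2000, 936000),
    # Unrelated traffic that must be ignored.
    ("198.51.100.7", 51000, "192.0.2.20", 53, "udp", 1, 70),
    ("198.51.100.9", 51001, "192.0.2.10", 123, "tcp", 3, 180),
]


def find_reflection(flows, min_ratio=10.0, min_reply_bytes=10_000):
    """Return (server, target) pairs where UDP/123 replies dwarf requests."""
    requests = defaultdict(int)  # (server, peer) -> bytes received on UDP/123
    replies = defaultdict(int)   # (server, peer) -> bytes sent from UDP/123
    for src, sport, dst, dport, proto, _packets, nbytes in flows:
        if proto != "udp":
            continue
        # Both tests run so that 123 <-> 123 flows are counted in each role.
        if dport == NTP_PORT:
            requests[(dst, src)] += nbytes
        if sport == NTP_PORT:
            replies[(src, dst)] += nbytes

    findings = []
    for (server, peer), out_bytes in replies.items():
        if out_bytes < min_reply_bytes:
            continue  # too little traffic to matter
        in_bytes = requests.get((server, peer), 0)
        # Replies with no visible request (sampling, asymmetric routing)
        # are treated as unbounded amplification.
        ratio = out_bytes / in_bytes if in_bytes else float("inf")
        if ratio >= min_ratio:
            findings.append({"server": server, "target": peer,
                             "request_bytes": in_bytes,
                             "reply_bytes": out_bytes, "ratio": ratio})
    return sorted(findings, key=lambda f: f["reply_bytes"], reverse=True)


if __name__ == "__main__":
    for f in find_reflection(SAMPLE_FLOWS):
        print(f"{f['server']} -> {f['target']}: {f['reply_bytes']} bytes out, "
              f"{f['request_bytes']} in, ratio {f['ratio']:.0f}x")
```

The "target" in each finding is the address the requests claimed to come from, which in a reflection attack is the victim rather than the sender.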
The US Computer Emergency Readiness Team (US-CERT) had issued a warning about these types of attacks back in January, after a number of gaming websites were brought down in December.
The report over at RT.com explains that CloudFlare fought back this past Tuesday against these attacks, which reached 400 Gbps. CEO Matthew Prince was quoted as saying the latest attack had shown that someone “had a big, new cannon”. It is an interesting quip, as many may be familiar with the LOIC, or Low Orbit Ion Cannon, a tool that has been used in numerous DDoS attacks in past years.