World's largest Denial of Service attack caused by vulnerability in the infrastructure of the web

New method of DoS attack exploits flaw in thousands of 'time keeping servers' that keep internet-connected devices running on the same clock

Hackers have exploited a key vulnerability in the infrastructure of the internet to mount what has been described by security researchers as the world’s largest Denial of Service (DoS) attack.

Hacks of this type are used to overwhelm web services by flooding them with requests for data and are a key weapon in the arsenal of hacking collectives such as Anonymous as well as government bodies.

The severity of DoS attacks are measured in gigabits-per-second (Gbps), with this recent example tipping 400Gbps – more than 100gbps larger than the previous record. The destructive traffic was absorbed by the servers of CloudFlare, a company that specialises in protecting against just such attacks.

Matthew Prince, the chief executive of CloudFlare, commented on Twitter: “Someone’s got a big, new cannon. Start of ugly things to come.”

The attack was exceptional not just due to its size but also because of its method, which took advantage of a type of server that is used to keep time on the internet, a Network Time Protocol (NTP) server.

Thousands of these servers are distributed across the world in order to keep devices in sync with one another. Although as a counting method time simply advances forward, if one system is ahead or behind others problems will quickly arise. For the computers involved emails would arrive before they were sent, or instructions received for events in the past.

In a blogpost by CloudFlare explaining the method, the example is given of an NTP server run by Apple called "". Mac devices which are set to this time-zone will then quietly send requests to the server to make sure their clocks are synchronised. NTP servers themselves are set to Coordinated Universal Time (UTC).

There are two vulnerabilities with this system. Firstly, the information sent out by NTP servers is several times larger than the original request, and secondly these requests are subject to ‘spoofing’, meaning that hackers can trick the servers into sending data back to different addresses.

Combining these two qualities means that NTP servers can be essentially used as amplifiers by hackers. They send requests for data to them and redirect the server’s reply to an unsuspecting site, overwhelming it with traffic.

Sending information about the time might not sound like it would be data intensive, but a simple test conducted by CloudFlare was able to create an “amplification factor” of 206x. This means that a hacker in control of a 1Gbps connection would be able to direct an attack of 206Gbps against a target.

Web admins can implement some simple updates to mitigate these attacks but some in the tech community are worried that ISPs will be too slow – or ignorant – to properly protect their sites. Until all vulnerable systems are fixed, security experts are warning that more attacks like this are likely.

Life and Style
The Google Doodle celebrating the start of the first day of autumn, 2014.
Arts and Entertainment
Sheridan Smith as Cilla Black and Ed Stoppard as her manager Brian Epstein
tvCilla Episode 2 review: Grit under the glamour in part two of biopic series starring Sheridan Smith
David Moyes and Louis van Gaal
Former Governor of Alaska Sarah Palin, left, with her daughter, Bristol
newsShe's 'proud' of eldest daughter, who 'punched host in the face'
Life and Style
ebooksA superb mix of recipes serving up the freshest of local produce in a delicious range of styles
Life and Style
ebooksFrom the lifespan of a slug to the distance to the Sun: answers to 500 questions from readers
New Zealand fly-half Aaron Cruden pictured in The Zookeeper's Son on a late-night drinking session
A cabin crew member photographed the devastation after one flight
Life and Style
Carol O'Brien, whose son Rob suffered many years of depression
healthOne mother's story of how London charity Maytree helped her son with his depression
Life and Style
food + drink
Arts and Entertainment
The cover of Dark Side of the Moon
musicCan 'The Endless River' carry on the tradition? See for yourself
Rob Merrick's Lobby Journalists were playing Ed Balls' Labour Party MPs. The match is an annual event which takes place ahead of the opening of the party conference
newsRob Merrick insistes 'Ed will be hurting much more than me'
A new app has been launched that enables people to have a cuddle from a stranger
voicesMaybe the new app will make it more normal to reach out to strangers
Liam Payne has attacked the media for reporting his tweet of support to Willie Robertson and the subsequent backlash from fans
peopleBut One Direction star insists he is not homophobic
Life and Style
healthFor Pure-O OCD sufferers this is a reality they live in
Life and Style
Sexual health charities have campaigned for the kits to be regulated
healthAmerican woman who did tells parents there is 'nothing to be afraid of'
Life and Style
Arts and Entertainment
The John Peel Lecture has previously been given by Pete Townshend of The Who, Billy Bragg and Charlotte Church
musicGodfather of punk will speak on 'free music in a capitalist society'
peopleAt least it's for a worthwhile cause
Shoppers in Covent Garden, London, celebrate after they were the first to buy the iPhone 6, released yesterday
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Trainee / Experienced Recruitment Consultants

    £20000 - £25000 per annum + OTE £40,000: SThree: SThree are a global FTSE 250 ...

    Trainee Recruitment Consultant - Soho

    £20000 - £25000 per annum + OTE £40000: SThree: As a Recruitment Consultant, y...

    Trainee Recruitment Consultants - Banking & Finance

    £20000 - £25000 per annum + OTE £40,000: SThree: SThree Group have been well e...

    Website Editor

    £15 - £17 Per Hour: Clearwater People Solutions Ltd: Our client is currently r...

    Day In a Page

    A roller-coaster tale from the 'voice of a generation'

    Not That Kind of Girl:

    A roller-coaster tale from 'voice of a generation' Lena Dunham
    London is not bedlam or a cradle of vice. In fact it, as much as anywhere, deserves independence

    London is not bedlam or a cradle of vice

    In fact it, as much as anywhere, deserves independence
    Vivienne Westwood 'didn’t want' relationship with Malcolm McLaren

    Vivienne Westwood 'didn’t want' relationship with McLaren

    Designer 'felt pressured' into going out with Sex Pistols manager
    Jourdan Dunn: Model mother

    Model mother

    Jordan Dunn became one of the best-paid models in the world
    Apple still coolest brand – despite U2 PR disaster

    Apple still the coolest brand

    Despite PR disaster of free U2 album
    Scottish referendum: The Yes vote was the love that dared speak its name, but it was not to be

    Despite the result, this is the end of the status quo

    Boyd Tonkin on the fall-out from the Scottish referendum
    Manolo Blahnik: The high priest of heels talks flats, Englishness, and why he loves Mary Beard

    Manolo Blahnik: Flats, Englishness, and Mary Beard

    The shoe designer who has been dubbed 'the patron saint of the stiletto'
    The Beatles biographer reveals exclusive original manuscripts of some of the best pop songs ever written

    Scrambled eggs and LSD

    Behind The Beatles' lyrics - thanks to Hunter Davis's original manuscript copies
    'Normcore' fashion: Blending in is the new standing out in latest catwalk non-trend

    'Normcore': Blending in is the new standing out

    Just when fashion was in grave danger of running out of trends, it only went and invented the non-trend. Rebecca Gonsalves investigates
    Dance’s new leading ladies fight back: How female vocalists are now writing their own hits

    New leading ladies of dance fight back

    How female vocalists are now writing their own hits
    Mystery of the Ground Zero wedding photo

    A shot in the dark

    Mystery of the wedding photo from Ground Zero
    His life, the universe and everything

    His life, the universe and everything

    New biography sheds light on comic genius of Douglas Adams
    Save us from small screen superheroes

    Save us from small screen superheroes

    Shows like Agents of S.H.I.E.L.D are little more than marketing tools
    Reach for the skies

    Reach for the skies

    From pools to football pitches, rooftop living is looking up
    These are the 12 best hotel spas in the UK

    12 best hotel spas in the UK

    Some hotels go all out on facilities; others stand out for the sheer quality of treatments