World's largest Denial of Service attack caused by vulnerability in the infrastructure of the web

New method of DoS attack exploits flaw in thousands of 'time keeping servers' that keep internet-connected devices running on the same clock

Hackers have exploited a key vulnerability in the infrastructure of the internet to mount what has been described by security researchers as the world’s largest Denial of Service (DoS) attack.

Hacks of this type are used to overwhelm web services by flooding them with requests for data and are a key weapon in the arsenal of hacking collectives such as Anonymous as well as government bodies.

The severity of DoS attacks is measured in gigabits per second (Gbps), with this recent example reaching 400Gbps – more than 100Gbps larger than the previous record. The destructive traffic was absorbed by the servers of CloudFlare, a company that specialises in protecting against just such attacks.

Matthew Prince, the chief executive of CloudFlare, commented on Twitter: “Someone’s got a big, new cannon. Start of ugly things to come.”

The attack was exceptional not just due to its size but also because of its method, which took advantage of a type of server that is used to keep time on the internet, a Network Time Protocol (NTP) server.

Thousands of these servers are distributed across the world in order to keep devices in sync with one another. Although time simply advances forward, problems quickly arise if one system's clock is ahead of or behind the others: for the computers involved, emails would appear to arrive before they were sent, or instructions would be received for events in the past.

In a blog post by CloudFlare explaining the method, the example is given of an NTP server run by Apple called "time.euro.apple.com". Mac devices which are set to this time zone will then quietly send requests to the server to make sure their clocks are synchronised. NTP servers themselves are set to Coordinated Universal Time (UTC).

There are two vulnerabilities with this system. Firstly, the information sent out by NTP servers is several times larger than the original request, and secondly these requests are subject to ‘spoofing’, meaning that hackers can forge the return address on a request and so trick the servers into sending data back to different addresses.

Combining these two qualities means that NTP servers can essentially be used as amplifiers by hackers. They send requests for data to the servers and redirect the servers' replies to an unsuspecting site, overwhelming it with traffic.

Sending information about the time might not sound like it would be data intensive, but a simple test conducted by CloudFlare was able to create an “amplification factor” of 206x. This means that a hacker in control of a 1Gbps connection would be able to direct an attack of 206Gbps against a target.
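As an added example (not from the article or from CloudFlare), the sketch below shows how the operator of an NTP server could spot this pattern in flow logs: a "client" address that receives many times more bytes than it sent is probably a forged source. The flow record layout, addresses, byte counts and thresholds are constructed assumptions, with the sample sizes chosen to reproduce the 206x factor quoted above.

```python
from collections import defaultdict

NTP_PORT = 123

# Constructed flow records seen at one NTP server (192.0.2.10):
# (src_ip, src_port, dst_ip, dst_port, bytes). All values are illustrative.
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "192.0.2.10", 123, 48),    # ordinary time request
    ("192.0.2.10", 123, "198.51.100.7", 40000, 48),    # reply of the same size
    ("203.0.113.5", 53211, "192.0.2.10", 123, 234),    # request with a forged source
    ("192.0.2.10", 123, "203.0.113.5", 53211, 48204),  # reply 206x larger
]


def amplification_by_client(flows, server_ip):
    """Return {client_ip: response_bytes / request_bytes} for one NTP server."""
    requested = defaultdict(int)
    answered = defaultdict(int)
    for src, sport, dst, dport, nbytes in flows:
        if dst == server_ip and dport == NTP_PORT:
            requested[src] += nbytes
        elif src == server_ip and sport == NTP_PORT:
            answered[dst] += nbytes
    return {ip: answered[ip] / sent for ip, sent in requested.items() if sent}


def suspected_reflection_targets(flows, server_ip, max_factor=2.0, min_bytes=10_000):
    """List (client_ip, factor) pairs that look like spoofed victims.

    A genuine client gets back roughly what it sent. An address that
    receives far more than it asked for, in volume, is likely a forged source.
    """
    answered = defaultdict(int)
    for src, sport, dst, _dport, nbytes in flows:
        if src == server_ip and sport == NTP_PORT:
            answered[dst] += nbytes
    factors = amplification_by_client(flows, server_ip)
    hits = [(ip, f) for ip, f in factors.items()
            if f > max_factor and answered[ip] >= min_bytes]
    return sorted(hits, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for ip, factor in suspected_reflection_targets(SAMPLE_FLOWS, "192.0.2.10"):
        print(f"{ip}: server sent {factor:.0f}x the bytes it received")
```
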

Web admins can implement some simple updates to mitigate these attacks but some in the tech community are worried that ISPs will be too slow – or ignorant – to properly protect their sites. Until all vulnerable systems are fixed, security experts are warning that more attacks like this are likely.
