World's largest Denial of Service attack caused by vulnerability in the infrastructure of the web

New method of DoS attack exploits flaw in thousands of 'time keeping servers' that keep internet-connected devices running on the same clock

Hackers have exploited a key vulnerability in the infrastructure of the internet to mount what has been described by security researchers as the world’s largest Denial of Service (DoS) attack.

Hacks of this type are used to overwhelm web services by flooding them with requests for data and are a key weapon in the arsenal of hacking collectives such as Anonymous as well as government bodies.

The severity of DoS attacks is measured in gigabits per second (Gbps), with this recent example tipping 400Gbps – more than 100Gbps larger than the previous record. The destructive traffic was absorbed by the servers of CloudFlare, a company that specialises in protecting against just such attacks.

Matthew Prince, the chief executive of CloudFlare, commented on Twitter: “Someone’s got a big, new cannon. Start of ugly things to come.”

The attack was exceptional not just due to its size but also because of its method, which took advantage of a type of server that is used to keep time on the internet, a Network Time Protocol (NTP) server.

Thousands of these servers are distributed across the world in order to keep devices in sync with one another. Although time simply advances forward, problems quickly arise if one system's clock is ahead of or behind the others: for the computers involved, emails would appear to arrive before they were sent, or instructions would be received for events in the past.

In a blogpost by CloudFlare explaining the method, the example is given of an NTP server run by Apple called "time.euro.apple.com". Mac devices which are set to this time-zone will then quietly send requests to the server to make sure their clocks are synchronised. NTP servers themselves are set to Coordinated Universal Time (UTC).

There are two vulnerabilities with this system. Firstly, the information sent out by NTP servers is several times larger than the original request, and secondly these requests are subject to ‘spoofing’, meaning that hackers can trick the servers into sending data back to different addresses.

Combining these two qualities means that NTP servers can be essentially used as amplifiers by hackers. They send requests for data to them and redirect the server’s reply to an unsuspecting site, overwhelming it with traffic.

Sending information about the time might not sound like it would be data intensive, but a simple test conducted by CloudFlare was able to create an “amplification factor” of 206x. This means that a hacker in control of a 1Gbps connection would be able to direct an attack of 206Gbps against a target.
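For operators of NTP servers, the same arithmetic can be turned into a check. The following is an added example, not code from CloudFlare or from the original article: it sums request and reply bytes per peer on UDP port 123 and flags any peer that receives far more than it sent. The addresses, the packet sizes (chosen so the ratio matches the 206x figure above) and the threshold are constructed assumptions.

```python
from collections import defaultdict

NTP_PORT = 123
# Assumption: an ordinary time reply is about the size of its request, so a
# sustained out/in byte ratio far above 1 marks a server used as an amplifier.
RATIO_THRESHOLD = 10.0

SERVER = "192.0.2.10"      # constructed: an NTP server we operate
CLIENT = "198.51.100.7"    # constructed: a normal client
TARGET = "203.0.113.50"    # constructed: address forged into the requests

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, payload_bytes)
SAMPLE_FLOWS = (
    [(CLIENT, 40000, SERVER, NTP_PORT, 48), (SERVER, NTP_PORT, CLIENT, 40000, 48)] * 3
    + [(TARGET, 51000, SERVER, NTP_PORT, 234)]
    + [(SERVER, NTP_PORT, TARGET, 51000, 482)] * 100
)


def bytes_by_pair(flows):
    """Sum request and reply bytes per (server, peer) for UDP port 123."""
    totals = defaultdict(lambda: [0, 0])
    for src, sport, dst, dport, size in flows:
        if dport == NTP_PORT:          # request travelling towards a server
            totals[(dst, src)][0] += size
        elif sport == NTP_PORT:        # reply leaving a server
            totals[(src, dst)][1] += size
    return {pair: tuple(v) for pair, v in totals.items()}


def flag_reflection(flows, threshold=RATIO_THRESHOLD):
    """Return sorted (server, peer, ratio) where replies dwarf requests."""
    findings = []
    for (server, peer), (b_in, b_out) in bytes_by_pair(flows).items():
        if b_in == 0:
            continue  # replies with no observed request: ratio not measurable
        ratio = b_out / b_in
        if ratio >= threshold:
            findings.append((server, peer, round(ratio, 1)))
    return sorted(findings)


if __name__ == "__main__":
    for server, peer, ratio in flag_reflection(SAMPLE_FLOWS):
        print(f"{server} sends {ratio}x more than it receives from {peer}")
```

The flagged peer is the likely victim rather than the attacker, since the request's source address is the forged one.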

Web admins can implement some simple updates to mitigate these attacks but some in the tech community are worried that ISPs will be too slow – or ignorant – to properly protect their sites. Until all vulnerable systems are fixed, security experts are warning that more attacks like this are likely.
