World's largest Denial of Service attack caused by vulnerability in the infrastructure of the web

New method of DoS attack exploits flaw in thousands of 'time keeping servers' that keep internet-connected devices running on the same clock

Hackers have exploited a key vulnerability in the infrastructure of the internet to mount what has been described by security researchers as the world’s largest Denial of Service (DoS) attack.

Hacks of this type are used to overwhelm web services by flooding them with requests for data and are a key weapon in the arsenal of hacking collectives such as Anonymous as well as government bodies.

The severity of DoS attacks are measured in gigabits-per-second (Gbps), with this recent example tipping 400Gbps – more than 100gbps larger than the previous record. The destructive traffic was absorbed by the servers of CloudFlare, a company that specialises in protecting against just such attacks.

Matthew Prince, the chief executive of CloudFlare, commented on Twitter: “Someone’s got a big, new cannon. Start of ugly things to come.”

The attack was exceptional not just due to its size but also because of its method, which took advantage of a type of server that is used to keep time on the internet, a Network Time Protocol (NTP) server.

Thousands of these servers are distributed across the world in order to keep devices in sync with one another. Although as a counting method time simply advances forward, if one system is ahead or behind others problems will quickly arise. For the computers involved emails would arrive before they were sent, or instructions received for events in the past.

In a blogpost by CloudFlare explaining the method, the example is given of an NTP server run by Apple called "time.euro.apple.com". Mac devices which are set to this time-zone will then quietly send requests to the server to make sure their clocks are synchronised. NTP servers themselves are set to Coordinated Universal Time (UTC).

There are two vulnerabilities with this system. Firstly, the information sent out by NTP servers is several times larger than the original request, and secondly these requests are subject to ‘spoofing’, meaning that hackers can trick the servers into sending data back to different addresses.

Combining these two qualities means that NTP servers can be essentially used as amplifiers by hackers. They send requests for data to them and redirect the server’s reply to an unsuspecting site, overwhelming it with traffic.

Sending information about the time might not sound like it would be data intensive, but a simple test conducted by CloudFlare was able to create an “amplification factor” of 206x. This means that a hacker in control of a 1Gbps connection would be able to direct an attack of 206Gbps against a target.

Web admins can implement some simple updates to mitigate these attacks but some in the tech community are worried that ISPs will be too slow – or ignorant – to properly protect their sites. Until all vulnerable systems are fixed, security experts are warning that more attacks like this are likely.

News
Ben Little, right, is a Labour supporter while Jonathan Rogers supports the Green Party
general election 2015
News
The 91st Hakone Ekiden Qualifier at Showa Kinen Park, Tokyo, 2014
news
Life and Style
Former helicopter pilot Major Tim Peake will become the first UK astronaut in space for over 20 years
food + drinkNothing but the best for British astronaut as chef Heston Blumenthal cooks up his rations
News
Kim Wilde began gardening in the 1990s when she moved to the countryside
peopleThe singer is leading an appeal for the charity Thrive, which uses the therapy of horticulture
Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Sport
Alexis Sanchez celebrates scoring a second for Arsenal against Reading
football
Life and Style
health
Voices
An easy-peel potato; Dave Hax has come up with an ingenious method in food preparation
voicesDave Hax's domestic tips are reminiscent of George Orwell's tea routine. The world might need revolution, but we like to sweat the small stuff, says DJ Taylor
News
i100
News
Japan's population is projected to fall dramatically in the next 50 years (Wikimedia)
news
Life and Style
Buyers of secondhand cars are searching out shades last seen in cop show ‘The Sweeney’
motoringFlares and flounce are back on catwalks but a revival in ’70s car paintjobs was a stack-heeled step too far – until now
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: Project Implementation Executive

    £18000 - £23000 per annum: Recruitment Genius: They work with major vehicle ma...

    Recruitment Genius: Digital Account Executive - Midlands

    £18000 - £26000 per annum: Recruitment Genius: They work with major vehicle ma...

    Ashdown Group: Front-End UI Application Developer

    £30000 - £40000 per annum + Benefits: Ashdown Group: Front-End UI Application ...

    Recruitment Genius: Digital Account Executive

    £18000 - £26000 per annum: Recruitment Genius: They work with major vehicle ma...

    Day In a Page

    NHS struggling to monitor the safety and efficacy of its services outsourced to private providers

    Who's monitoring the outsourced NHS services?

    A report finds that private firms are not being properly assessed for their quality of care
    Zac Goldsmith: 'I'll trigger a by-election over Heathrow'

    Zac Goldsmith: 'I'll trigger a by-election over Heathrow'

    The Tory MP said he did not want to stand again unless his party's manifesto ruled out a third runway. But he's doing so. Watch this space
    How do Greek voters feel about Syriza's backtracking on its anti-austerity pledge?

    How do Greeks feel about Syriza?

    Five voters from different backgrounds tell us what they expect from Syriza's charismatic leader Alexis Tsipras
    From Iraq to Libya and Syria: The wars that come back to haunt us

    The wars that come back to haunt us

    David Cameron should not escape blame for his role in conflicts that are still raging, argues Patrick Cockburn
    Sam Baker and Lauren Laverne: Too busy to surf? Head to The Pool

    Too busy to surf? Head to The Pool

    A new website is trying to declutter the internet to help busy women. Holly Williams meets the founders
    Heston Blumenthal to cook up a spice odyssey for British astronaut manning the International Space Station

    UK's Major Tum to blast off on a spice odyssey

    Nothing but the best for British astronaut as chef Heston Blumenthal cooks up his rations
    John Harrison's 'longitude' clock sets new record - 300 years on

    ‘Longitude’ clock sets new record - 300 years on

    Greenwich horologists celebrate as it keeps to within a second of real time over a 100-day test
    Fears in the US of being outgunned in the vital propaganda wars by Russia, China - and even Isis - have prompted a rethink on overseas broadcasters

    Let the propaganda wars begin - again

    'Accurate, objective, comprehensive': that was Voice of America's creed, but now its masters want it to promote US policy, reports Rupert Cornwell
    Why Japan's incredible long-distance runners will never win the London Marathon

    Japan's incredible long-distance runners

    Every year, Japanese long-distance runners post some of the world's fastest times – yet, come next weekend, not a single elite competitor from the country will be at the London Marathon
    Why does Tom Drury remain the greatest writer you've never heard of?

    Tom Drury: The quiet American

    His debut was considered one of the finest novels of the past 50 years, and he is every bit the equal of his contemporaries, Jonathan Franzen, Dave Eggers and David Foster Wallace
    You should judge a person by how they peel a potato

    You should judge a person by how they peel a potato

    Dave Hax's domestic tips are reminiscent of George Orwell's tea routine. The world might need revolution, but we like to sweat the small stuff, says DJ Taylor
    Beige is back: The drab car colours of the 1970s are proving popular again

    Beige to the future

    Flares and flounce are back on catwalks but a revival in ’70s car paintjobs was a stack-heeled step too far – until now
    Bill Granger recipes: Our chef's dishes highlight the delicate essence of fresh cheeses

    Bill Granger cooks with fresh cheeses

    More delicate on the palate, milder, fresh cheeses can also be kinder to the waistline
    Aston Villa vs Liverpool: 'This FA Cup run has been wonderful,' says veteran Shay Given

    Shay Given: 'This FA Cup run has been wonderful'

    The Villa keeper has been overlooked for a long time and has unhappy memories of the national stadium – but he is savouring his chance to play at Wembley
    Timeless drama of Championship race in league of its own - Michael Calvin

    Michael Calvin's Last Word

    Timeless drama of Championship race in league of its own