World's largest Denial of Service attack caused by vulnerability in the infrastructure of the web

New method of DoS attack exploits flaw in thousands of 'time keeping servers' that keep internet-connected devices running on the same clock

Hackers have exploited a key vulnerability in the infrastructure of the internet to mount what has been described by security researchers as the world’s largest Denial of Service (DoS) attack.

Hacks of this type are used to overwhelm web services by flooding them with requests for data and are a key weapon in the arsenal of hacking collectives such as Anonymous as well as government bodies.

The severity of DoS attacks is measured in gigabits-per-second (Gbps), with this recent example tipping 400Gbps – more than 100Gbps larger than the previous record. The destructive traffic was absorbed by the servers of CloudFlare, a company that specialises in protecting against just such attacks.

Matthew Prince, the chief executive of CloudFlare, commented on Twitter: “Someone’s got a big, new cannon. Start of ugly things to come.”

The attack was exceptional not just due to its size but also because of its method, which took advantage of a type of server that is used to keep time on the internet, a Network Time Protocol (NTP) server.

Thousands of these servers are distributed across the world in order to keep devices in sync with one another. Although time simply advances forward, problems quickly arise if one system is ahead of or behind the others: for the computers involved, emails would arrive before they were sent, or instructions would be received for events in the past.

In a blogpost by CloudFlare explaining the method, the example is given of an NTP server run by Apple called "time.euro.apple.com". Mac devices which are set to this time-zone will then quietly send requests to the server to make sure their clocks are synchronised. NTP servers themselves are set to Coordinated Universal Time (UTC).

There are two vulnerabilities with this system. Firstly, the information sent out by NTP servers is several times larger than the original request, and secondly these requests are subject to ‘spoofing’, meaning that hackers can trick the servers into sending data back to different addresses.

Combining these two qualities means that NTP servers can be essentially used as amplifiers by hackers. They send requests for data to them and redirect the server’s reply to an unsuspecting site, overwhelming it with traffic.

Sending information about the time might not sound like it would be data intensive, but a simple test conducted by CloudFlare was able to create an “amplification factor” of 206x. This means that a hacker in control of a 1Gbps connection would be able to direct an attack of 206Gbps against a target.

Web admins can implement some simple updates to mitigate these attacks but some in the tech community are worried that ISPs will be too slow – or ignorant – to properly protect their sites. Until all vulnerable systems are fixed, security experts are warning that more attacks like this are likely.
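
As an added illustration (not part of the original article or CloudFlare's blogpost), the following Python shows how the operator of an NTP server could spot this pattern in their own traffic: addresses that receive many times more data than they appear to request. The flow records, thresholds and function names are constructed for the example.

```python
from collections import defaultdict

# Constructed flow records as seen at an NTP server's network edge:
# (claimed_client_ip, direction, udp_payload_bytes).
# "in" = request arriving at the server, "out" = reply sent back.
# Addresses come from documentation ranges; sizes are sample values.
SAMPLE_FLOWS = (
    [("192.0.2.10", "in", 48), ("192.0.2.10", "out", 48)] * 3
    + [("198.51.100.7", "in", 8), ("198.51.100.7", "out", 1648)] * 50
    + [("203.0.113.5", "in", 48), ("203.0.113.5", "out", 48)]
)


def traffic_by_client(flows):
    """Sum request and reply bytes per claimed client address."""
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for client, direction, size in flows:
        if direction not in ("in", "out"):
            raise ValueError(f"unknown direction: {direction!r}")
        totals[client][direction] += size
    return dict(totals)


def amplification(bytes_in, bytes_out):
    """Reply bytes per request byte; replies with no request are infinite."""
    if bytes_in == 0:
        return float("inf") if bytes_out else 0.0
    return bytes_out / bytes_in


def likely_reflection_targets(flows, min_ratio=10.0, min_reply_bytes=10_000):
    """Return (client, ratio, reply_bytes) for addresses that receive far
    more than they ask for, largest reply volume first. With spoofed
    requests the 'client' address is the victim, not the sender."""
    hits = []
    for client, t in traffic_by_client(flows).items():
        ratio = amplification(t["in"], t["out"])
        # Ordinary time sync is roughly symmetric (ratio near 1).
        if ratio >= min_ratio and t["out"] >= min_reply_bytes:
            hits.append((client, ratio, t["out"]))
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    for client, ratio, reply_bytes in likely_reflection_targets(SAMPLE_FLOWS):
        print(f"{client}: {ratio:.0f}x amplification, {reply_bytes} reply bytes")
```
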
