Arbor reports spike in DDoS attack driven by NTP
Arbor, the provider of distributed denial-of-service (DDoS) and advanced threat protection solutions for enterprise and service provider networks, on Tuesday released the global DDoS attack data derived from its Active Threat Level Analysis System (ATLAS) threat monitoring infrastructure.
NTP is a User Datagram Protocol (UDP)-based protocol used to synchronize clocks over a computer network.
Arbor noted that any UDP-based service including DNS, SNMP, NTP, chargen, and RADIUS is a potential vector for DDoS attacks because the protocol is connectionless and source IP addresses can be spoofed by attackers who have control of compromised or ‘botted’ hosts residing on networks which have not implemented basic anti-spoofing measures.
NTP is popular due to its high amplification ratio of approximately 1000x. Furthermore, attacks tools are becoming readily available, making these attacks easy to execute, the company said.
Arbor said that ATLAS is a collaborative partnership with nearly 300 service provider customers who share anonymous traffic data with the company in order to deliver a comprehensive, aggregated view of global traffic and threats.
ATLAS collects 80TB/sec of traffic and provides the data for the Digital Attack Map, a visualization of global attack traffic created by Google Ideas.
The global DDoS attack data stated that the average NTP traffic globally in November 2013 was 1.29 GB/sec, by February 2014 it was 351.64 GB/sec.
The report said that the NTP was used in 14 percent of DDoS events overall, but 56 percent of events over 10 GB/sec and 84.7 percent of events over 100 GB/sec.
Arbor noted that US, France and Australia were the most common targets overall, while US and France were the most common targets of large attacks.
Arbor Networks Director of Solutions Architects Darren Anstee said, "Arbor has been monitoring and mitigating DDoS attacks since 2000. The spike in the size and frequency of large attacks so far in 2014 has been unprecedented."
"These attacks have become so large, they pose a very serious threat to Internet infrastructure, from the ISP to the enterprise," Anstee said.
Support Our Journalism
We cannot do without you.. your contribution supports unbiased journalism
IBNS is not driven by any ism- not wokeism, not racism, not skewed secularism, not hyper right-wing or left liberal ideals, nor by any hardline religious beliefs or hyper nationalism. We want to serve you good old objective news, as they are. We do not judge or preach. We let people decide for themselves. We only try to present factual and well-sourced news.
