Amplified DDoS Attacks Increasingly Use Network Time Service
Attackers abused a feature of the network time protocol to flood networks with hundreds of gigabits per second of data, a situation which is happening with increasing frequency, according to DOS mitigation firm Prolexic.Massive distributed denial-of-service (DDoS) attacks have become more popular with cyber-criminals and hacktivists, especially those attacks that use a vulnerability in the network time protocol (NTP) to produce overwhelming floods of data, according to DDoS mitigation firm Prolexic. In an advisory released on March 12, the company warned that attacks using vulnerable NTP servers have almost quadrupled in the last month. Such attacks can amplify the bandwidth of a simple NTP request by more than 300 times, producing a massive spike in traffic, according to an alert issued on March 12 by Prolexic, which was acquired last month by Internet-infrastructure firm Akamai. While other types of amplification attacks exist, including those that use the domain name service (DNS) protocol, NTP amplification attacks are simple and deliver the largest spike in traffic and can be implemented simply. Attacks using NTP started appearing at the end of 2013 and dramatically accelerated this year. "It is the convergence of what [is] old is new again with the evolution of DDoS-as-a-service," Stuart Scholly, general manager for security at Akamai Technologies, told eWEEK. "You can go to these service sites and pay nominal dollars as a nontechnical person and generate pretty substantial attack sizes."
By asking a NTP server for a list previous requesters and spoofing the source address of the request to point to the victim, an attacker could overwhelm a victim's network with a flood of data, according to the firms.