Hike in NTP Amplification DDoS Attacks

Wednesday, March 12, 2014 @ 11:03 AM gHale

A high-alert threat advisory went out for NTP amplification distributed denial of service (DDoS) attacks, researchers said.

This attack method has surged in popularity this year, fueled by the availability of new DDoS toolkits that make it simple to generate high-bandwidth, high-volume DDoS attacks against online targets, said researchers at Prolexic Technologies.

“During the month of February, we saw the use of NTP amplification attacks surge 371 percent against our client base,” said Stuart Scholly, SVP/GM Security, Akamai Technologies. Prolexic is a unit of Akamai. “In fact, the largest attacks we’ve seen on our network this year have all been NTP amplification attacks.”

While NTP amplification attacks have been a threat for many years, new DDoS attack toolkits make it easier for bad guys to launch attacks with just a handful of servers. With the current batch of NTP amplification attack toolkits, attackers could launch 100 Gbps assaults, or even larger, by leveraging just a few vulnerable NTP servers.

In February 2014, compared to January 2014:
● The number of NTP amplification attacks increased 371.43 percent
● Average peak DDoS attack bandwidth increased 217.97 percent
● The average peak DDoS attack volume increased 807.48 percent

Unlike the largest attacks of the past two years, the NTP amplification attacks did not focus on any particular sector. Industries targeted by NTP amplification attacks in February included finance, gaming, e-Commerce, Internet and telecom, media, education, software-as-a-service (SaaS) providers and security.

In lab simulations by the Prolexic Security Engineering & Response Team (PLXsert), NTP amplification attacks produced amplified responses of 300x or more for attack bandwidth and 50x for attack volume, making this a dangerous attack method.

PLXsert’s NTP Amplification Attack threat advisory provides an analysis of the threat, sample payloads, recommended DDoS protection and mitigation techniques, as well as case studies on two NTP amplification attack campaigns directed against Prolexic clients.

Designed to provide early warnings of new or modified DDoS attack signatures and scripts observed by PLXsert, each threat advisory contains a description of the type of DDoS attack, a list of attack signatures, and the specific network infrastructure or application that it targets.
