Largest DDoS attack recorded in Europe clocks in at 400Gbps

12 Feb 2014

An attack on a European-based website has broken all previous direct denial of service attacks (DDoS) with a recorded number of requests totalling 400Gbps.

The attack has been recorded by web security outfit CloudFlare, which confirmed in a tweet the attack was almost 33pc larger than the previous record known as the Spamhaus attack, which reached about 300Gbps.

CloudFlare’s CEO, Mark Prince, said in the tweet confirming the attack, “Very big NTP reflection attack hitting us right now. Appears to be bigger than the Spamhaus attack from last year. Mitigating.”

The network time protocol (NTP) reflection would indicate that whoever orchestrated the attack took advantage of a flaw in the protocol’s computer clock time synchronisation.

It is still unknown which company was attacked, as CloudFlare refuses to speak about its clients, but Prince spoke about the growing fears that this DDoS attack could be the pre-cursor to similar, and larger, attacks in the future. “Someone’s got a big, new cannon. Start of ugly things to come.”

NTP attacks have become increasingly common in recent months and are seen as the future delivery method of similar attacks, as they provide greater capacity to cause disruption to a website for a longer period of time.

In CloudFlare’s January blog post discussing the growth of NTP attacks, the security team described how these types of attacks make it much harder to track the source.

“The actual source of the attack is hidden and is very hard to trace, and, if many internet servers are used, an attack can consist of an overwhelming number of packets hitting a victim from all over the world.”

The previous Spamhaus attack differed from this recent attack in that it was formulated using a domain name system (DNS) method of delivery that sends millions of IP address queries and subsequently overloads it.

Hacker attack image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic