A bit of follow-up on Meetup’s DDoS (denial of service) attack, which saw the company’s website and accompanying mobile services down for several days: according to the company, this was an example of the increasingly common NTP-based DDoS attack. As CloudFlare CEO Matthew Prince, who stepped in to help Meetup get back online, explains, NTP-style attacks are a newer choice among criminals when it comes to producing the DDoS flood that can crash websites, and they’re far more powerful, too.
In a nutshell, DDoS attacks attempt to crash servers, usually web servers, by sending a barrage of traffic to overwhelm the receiving ports. The servers crash under the load, taking websites and services down with them. In the past, such as with the high-profile Spamhaus DDoS attacks last year, the previous favorite vector for criminals instigating these attacks was DNS – that is, they would amplify their attacks using the DNS infrastructure.
But now, attackers are beginning to exploit flaws in other, older Internet protocols that were not originally secured particularly well. In Meetup’s case, the attackers used NTP, or Network Time Protocol, which is a protocol that’s used to sync clocks between multiple servers.
“The size of the attack was large enough that just about any organization, short of Google or someone with a network like CloudFlare, would have struggled to stay online,” explains Prince. “