[~Time Published January 09, 2014 at 01:25AM]
*/*/*/*/*/\*\*\*\*\*
Miscreants who earlier this week took down servers for League of Legends, EA.com, and other online game services used a never-before-seen technique that vastly amplified the amount of junk traffic directed at denial-of-service targets.
Rather than directly flooding the targeted services with torrents of data, an attack group calling itself DERP Trolling sent much smaller-sized data requests to time-synchronization servers running the Network Time Protocol (NTP). By manipulating the requests to make them appear as if they originated from one of the gaming sites, the attackers were able to vastly amplify the firepower at their disposal. A spoofed request containing eight bytes will typically result in a 468-byte response to victim, an increase of more than 58 fold.
"Prior to December, an NTP attack was almost unheard of because if there was one it wasn't worth talking about," Shawn Marck, CEO of DoS-mitigation service Black Lotus told Ars. "It was so tiny it never showed up in the major reports. What we're witnessing is a shift in methodology."
Read 4 remaining paragraphs | Comments
*/*/*/*/*/View@Source\*\*\*\*\* (http://feeds.arstechnica.com/~r/arstechnica/index/~3/b8k3CBU8Oc8/)
[IFTTTautoSHAREv1.015 | Shared with ifttt.com More shared news etc on: http://bit.ly/Schavuiten_blog | RSS source: http://theoldreader.com/profile/51411ac5bd9279fddb0009c6]
*/*/*/*/*/\*\*\*\*\*
69 percent of all DDoS attack traffic by bit volume in the first week of January was the result of NTP reflection.
Black Lotus
Miscreants who earlier this week took down servers for League of Legends, EA.com, and other online game services used a never-before-seen technique that vastly amplified the amount of junk traffic directed at denial-of-service targets.
Rather than directly flooding the targeted services with torrents of data, an attack group calling itself DERP Trolling sent much smaller-sized data requests to time-synchronization servers running the Network Time Protocol (NTP). By manipulating the requests to make them appear as if they originated from one of the gaming sites, the attackers were able to vastly amplify the firepower at their disposal. A spoofed request containing eight bytes will typically result in a 468-byte response to victim, an increase of more than 58 fold.
"Prior to December, an NTP attack was almost unheard of because if there was one it wasn't worth talking about," Shawn Marck, CEO of DoS-mitigation service Black Lotus told Ars. "It was so tiny it never showed up in the major reports. What we're witnessing is a shift in methodology."
Read 4 remaining paragraphs | Comments
*/*/*/*/*/View@Source\*\*\*\*\* (http://feeds.arstechnica.com/~r/arstechnica/index/~3/b8k3CBU8Oc8/)
[IFTTTautoSHAREv1.015 | Shared with ifttt.com More shared news etc on: http://bit.ly/Schavuiten_blog | RSS source: http://theoldreader.com/profile/51411ac5bd9279fddb0009c6]
Geen opmerkingen:
Een reactie posten