One of the largest distributed denial-of-service (DDoS) NTP reflection attacks, with a magnitude of 255 Gbps, took down www.quikr.com and disrupted the normal operations of Netmagic and its upstream ISPs. As the attack was observed to exceed 255 Gbps, the IP was blackholed internationally.

This is the largest distributed denial-of-service (DDoS) NTP reflection attack to have happened in India, especially against an Indian-hosted site; it peaked at 250 Gbps. The biggest one on record, in the US against one of CloudFlare's customers, had a magnitude of 400 Gbps.

What is an NTP reflection attack?

NTP is the Network Time Protocol, used to synchronize time between client and server. It is a UDP protocol and runs on port 123. In an NTP reflection attack, the attacker sends a crafted packet which requests that a large amount of data be sent to the host. In this case, the attackers are taking advantage of the monlist command. Monlist is a remote command in older versions of NTP that sends the requester a list of the last 600 hosts that have connected to that server. For attackers, the monlist query is a great reconnaissance tool: for a localized NTP server, it can help to build a network profile. As a DDoS tool, however, it is even better, because a small query can redirect megabytes' worth of traffic. NTP-based reflection attacks are designed to cause high impact with little effort.
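As an added example (not part of the original post), the sketch below flags the traffic pattern described above from flow records: a peer whose small requests to UDP port 123 draw far larger responses from one server. The record format, the thresholds and the sample flows are constructed assumptions.

```python
from collections import defaultdict

NTP_PORT = 123
# Assumed thresholds for this example; tune them against your own baseline.
MIN_RATIO = 10.0             # response bytes per request byte
MIN_RESPONSE_BYTES = 10_000  # ignore small exchanges

# Constructed flow records: "src_ip src_port dst_ip dst_port protocol bytes"
SAMPLE_FLOWS = """\
198.51.100.7 40112 192.0.2.10 123 udp 48
192.0.2.10 123 198.51.100.7 40112 udp 48
203.0.113.50 53211 192.0.2.10 123 udp 234
192.0.2.10 123 203.0.113.50 53211 udp 44000
198.51.100.9 51000 192.0.2.10 53 udp 60
"""

def parse_flows(text):
    """Yield (src, sport, dst, dport, proto, nbytes) from whitespace-separated lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip blank or malformed lines
        src, sport, dst, dport, proto, nbytes = fields
        yield src, int(sport), dst, int(dport), proto.lower(), int(nbytes)

def find_reflection_candidates(text, min_ratio=MIN_RATIO, min_bytes=MIN_RESPONSE_BYTES):
    """Return [(server, peer, bytes_in, bytes_out, ratio)] for lopsided NTP exchanges."""
    totals = defaultdict(lambda: [0, 0])  # (server, peer) -> [request bytes, response bytes]
    for src, sport, dst, dport, proto, nbytes in parse_flows(text):
        if proto != "udp":
            continue
        if dport == NTP_PORT:            # traffic towards an NTP server
            totals[(dst, src)][0] += nbytes
        elif sport == NTP_PORT:          # traffic coming back from an NTP server
            totals[(src, dst)][1] += nbytes
    hits = []
    for (server, peer), (req, resp) in sorted(totals.items()):
        ratio = resp / max(req, 1)       # max() avoids dividing by zero when no request was seen
        if resp >= min_bytes and ratio >= min_ratio:
            hits.append((server, peer, req, resp, round(ratio, 1)))
    return hits

if __name__ == "__main__":
    for hit in find_reflection_candidates(SAMPLE_FLOWS):
        print("possible NTP reflection: server=%s target=%s in=%dB out=%dB ratio=%sx" % hit)
```

An ordinary time exchange is a 48-byte request answered by a 48-byte reply, so its ratio stays near 1 and it is never flagged. The peer address in a hit is the likely victim, because in a reflection attack the request's source address is forged.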

Within a couple of hours Quikr was up and running. Special thanks to Netmagic and its team for identifying and isolating the attack.

Posted by Gishore J Kallarackal
