Showing posts with label Amplification attack. Show all posts

Sunday, 10 January 2016

How Big Can A DDoS Attack Be

On New Year's Eve 2015 the BBC's web domain was subjected to a DDoS attack.  It did cause significant disruption, and it was noticed by many users who took to social media in something of a mild panic. 

The attack interested me not just because the BBC was an unusual target but more particularly for what then followed: those claiming they were the attackers communicated with the BBC technology journalism team.

Part of that communication claims that the attack reached 600 GB/s data rates.



Thursday, 20 February 2014

What's The Next Reflection Attack

Two years ago we were all talking about DNS reflection attacks and the possibility that they may make an appearance. A year later they did just that, and on a massive scale. These DDoS attacks that use distributed groups of machines to mount reflection attacks have become known as Distributed Reflective Denial of Service attacks, or DRDoS.

Sadly, DNS servers were not the only part of the internet that was vulnerable to this sort of misuse, allowing a perfectly valid (actually vital) piece of functionality to be subverted and used to mount a Denial of Service attack (DDoS). Just as we had been saying a few months ago, other, often forgotten protocols can also be misused to mount DDoS attacks:


And so it was that we saw the largest DDoS attack yet recorded, which used the obscure Network Time Protocol (NTP). Those of us who watch such things did see some evidence of such an attack building during the Christmas period 2013: hackers were playing with the protocol to mount small-scale attacks. That appears to have been merely a proof of concept for what was to come some weeks later.

At least we now know the weapons that will be used, right? Personally I'm not sure internauts have quite understood the scale of the problem. Awareness is growing of the potential size of such attacks, but DNS and NTP are not the only tools that could be used. As I've been trying to say, there are several protocols that hold the potential to be misused in the same way.