[AusNOG] NTP reflection used for world's largest DDoS

Nick Gale nickgale at gmail.com
Tue Feb 11 16:32:16 EST 2014


another beer

------------------------------------------------
*Nick Gale*

P Please consider the environment before you print this email.


On 11 February 2014 13:27, Scott Weeks <surfer at mauigateway.com> wrote:

>
>
> --- daniel at glovine.com.au wrote:
> From: Daniel Watson <daniel at glovine.com.au>
>
>
> http://www.itnews.com.au/News/372033,worlds-largest-ddos-strikes-us-europe.aspx
> ---------------------------------------
>
> It's well past beer o'clock here, so my math or logic may not be
> optimally functioning...  ;-)
>
> "For example, 100Mbps of spoofed NTP traffic can cause 5.8Gbps of
> malicious traffic to strike the spoofed target," the report read."
>
> "CloudFlare chief executive Matthew Prince said the attack tipped
> 400Gbps"
>
> 400G / 5.8G = 69
>
> 69 * 100Mbps = 6.9Gbps
>
> So someone is using 6.9Gbps of bandwidth just for an NTP attack?
>
> Or are the spoofed packets coming from bots and that bandwidth is
> spread across a lot of different pipes?
>
> Or do I need another beer?  :-)
>
> scott
>
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140211/fc62e073/attachment.html>


More information about the AusNOG mailing list