NTP Amplification DDoS Attacks are Increasingly Threatening

High-bandwidth NTP amplification DDoS attacks are becoming increasingly threatening due to a number of easy to use, DDoS attack toolkits. Amplification attacks are capable of turning a small amount of bandwidth, coming from a small number of machines, into a massive amount of bandwidth targeting an internet victim.

John Larsen, Chief Executive Officer at JavaPipe, said “The new and troublesome NTP attacks are using get_mon to amplify the attack traffic to spoofed host IP addresses. As NTP is widely used (and not updated) this attack has been causing a lot of issues.”

NTP DDoS Amplification

While attacks of this scale have been focused on a particular victim or industry, NTP amplification attacks have yet to reveal a particular victim and have included a range of industries such as finance, e-Commerce, media, education, and software-as-a-service providers.

JavaPipe, an internet solutions company with cloud and security scrubbing centers in America and Europe, has worked with RioRey, the leader in dedicated DDoS protection, to implement an update that successfully handles the attack.

“In tandem with RioRey, an update has been released to successfully mitigate this type of attack,” said John Larsen, “since our network experiences (an average) 1000 attacks per month and we have seen attacks as high as 200Gbps, our analysts are able to spot attack trends and advance DDoS mitigation techniques.”