On January 8, 2014 Black Lotus released a Threat Advisory on NTP Reflection Attacks which can allow a DDoS attacker to exploit a vulnerability in ntpd versions prior to 4.2.7p26, allowing the attacker to cause a reflection of malicious traffic with an amplification factor of 58.5. For example, 100 Mbps of spoofed NTP traffic can cause 5.8 Gbps of malicious traffic to strike the spoofed target.
Between January 2 and January 6, 2014 Black Lotus collected data on the highly publicized @DerpTrolling (via Twitter) attacks which were allegedly responsible for outages to Xbox Live, EA, League of Legends, and Blizzard. Black Lotus has measured the attacks at a maximum bit volume of 28 Gbps of UDP/123 (NTP) traffic.
For more information, please download the full Threat Advisory:
Black Lotus Threat Advisory - NTP Reflection Attacks - Jan 8 2014
Between January 2 and January 6, 2014 Black Lotus collected data on the highly publicized @DerpTrolling (via Twitter) attacks which were allegedly responsible for outages to Xbox Live, EA, League of Legends, and Blizzard. Black Lotus has measured the attacks at a maximum bit volume of 28 Gbps of UDP/123 (NTP) traffic.
Black Lotus Threat Advisory - NTP Reflection Attacks - Jan 8 2014