Earlier this week the servers of EA.com's popular League of Legends game went down due to a technical attacks that has not been used in the past.
Αντί να πλημμυρίσουν άμεσα τις στοχευμένες υπηρεσίες με χείμαρρους των δεδομένων (DDoS), μια ομάδα η οποία αυτοαποκαλείται DERP Trolling άρχισε να στέλνει αιτήματα δεδομένων πολύ smallery size on the time synchronization servers running the protocol Network Time Protocol (NTP). By sending these requests it seemed that the traffic came from the game websites and so the attackers were able to greatly enhance the power of the attack. A fake application containing eight bytes usually leads to a 468 bytes response from the victim server, 58 times the larger packet per request.
"Before December, the NTP attacks were almost unheard of because if there was one it was not worth discussing," said Shawn Marck, the company's chief executive. Black Lotus (dealing with DoS attacks), at Ars Technica. "We are witnessing a change in their methodology attacks. "
This technique is by many opinions similar to attacks DNS-amplification which have been running on servers for years. An older technique DoS sends fake requests to open the domain names of the servers requesting the IP address for a particular location. DNS-reflection attacks help to worsen the damage of a DoS attack because responses sent from the targeted area are about 50 times larger than the request being sent by the attacker.
The average size of each attack NTP, the first week of 2014 was about 7,3 gigabits per second. A number three times greater than the average DoS attack observed in December. By correlating the posts with the group's allegations DERP Trolling on Twitter the researchers of Black Lotus were able to estimate that the hackers used approximately 28Gbps for the attack.
