Last Thursday (February 13, 2014), CloudFlare, the cloud-based web optimization and web security services provider, announced that it had successfully mitigated a 400 Gbps DDoS attack aimed at one of its customers, relying on its multiple security features and its large network of data centers around the globe.
This recent attack was the largest attack to make use of NTP amplification, in which the attacker generates a large number of UDP packets with a spoofed source IP address so that the requests appear to come from the target. The attack used 4529 NTP servers, sending each of them the MONLIST command with the target's address as the spoofed source. Each server replied with a response more than 60 times the size of the original MONLIST command, and since NTP servers send their replies to the spoofed source, the target received a peak of almost 400 Gbps of traffic, which could have brought it down had it not been for CloudFlare.
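As an added illustration (not code from CloudFlare's write-up), the following Python decodes the NTP mode-7 ("private mode") header that carries MONLIST requests and responses, so a defender can flag such traffic in a capture, list the client addresses a MONLIST reply discloses, and estimate the amplification ratio it produced. The packet layout follows the reference ntpd `ntp_request.h` structures; the sample datagrams are constructed for the example, not captured from a real attack.

```python
import socket
import struct
from collections import namedtuple
MODE_PRIVATE = 7                   # NTP "private" mode used by ntpdc queries such as monlist
MONLIST_CODES = {20: "MON_GETLIST", 42: "MON_GETLIST_1"}
MON_ITEM_LEN = 72                  # size of one MON_GETLIST_1 entry in the response
Mode7 = namedtuple("Mode7", "response more request_code nitems itemsize")

def parse_mode7(datagram: bytes):
    """Decode the 8-byte mode-7 header; return None for any other NTP packet."""
    if len(datagram) < 8:
        return None
    rm_vn_mode, _seq, _impl, req, err_nitems, mbz_itemsize = struct.unpack("!BBBBHH", datagram[:8])
    if rm_vn_mode & 0x07 != MODE_PRIVATE:
        return None
    return Mode7(response=bool(rm_vn_mode & 0x80), more=bool(rm_vn_mode & 0x40),
                 request_code=req, nitems=err_nitems & 0x0FFF, itemsize=mbz_itemsize & 0x0FFF)

def is_monlist(datagram: bytes) -> bool:
    hdr = parse_mode7(datagram)
    return hdr is not None and hdr.request_code in MONLIST_CODES

def leaked_clients(datagram: bytes) -> list:
    """Client IPv4 addresses carried in a MON_GETLIST_1 response (the data monlist discloses)."""
    hdr = parse_mode7(datagram)
    if not (hdr and hdr.response and hdr.request_code == 42 and hdr.itemsize == MON_ITEM_LEN):
        return []
    clients = []
    for i in range(hdr.nitems):
        item = datagram[8 + i * MON_ITEM_LEN: 8 + (i + 1) * MON_ITEM_LEN]
        if len(item) < MON_ITEM_LEN:
            break                                      # truncated datagram
        clients.append(socket.inet_ntoa(item[16:20]))  # 'addr' follows lasttime, firsttime, restr, count
    return clients

def amplification(datagrams: list) -> float:
    """Bytes of monlist responses seen per byte of monlist requests in a capture."""
    monlist = [(parse_mode7(d), len(d)) for d in datagrams if is_monlist(d)]
    req = sum(n for hdr, n in monlist if not hdr.response)
    resp = sum(n for hdr, n in monlist if hdr.response)
    return resp / req if req else 0.0

# Constructed sample traffic (not a real capture): a 48-byte monlist request, then two response fragments of six clients each.
def _item(ip: str) -> bytes:
    return b"\x00" * 16 + socket.inet_aton(ip) + b"\x00" * (MON_ITEM_LEN - 20)

def _response(more: bool, ips: list) -> bytes:
    rm_vn_mode = 0xD7 if more else 0x97           # response bit, optional more bit, version 2, mode 7
    return bytes([rm_vn_mode, 0x00, 0x03, 0x2A]) + struct.pack("!HH", len(ips), MON_ITEM_LEN) + b"".join(map(_item, ips))

REQUEST = bytes([0x17, 0x00, 0x03, 0x2A]) + b"\x00" * 44   # version 2, mode 7, impl 3, MON_GETLIST_1
SAMPLE = [REQUEST, _response(True, ["192.0.2.10"] * 6), _response(False, ["198.51.100.7"] * 6)]
```

On the constructed sample, two 440-byte reply fragments answer one 48-byte request, so `amplification(SAMPLE)` reports roughly 18x; a real server returning its full list of recent clients produces far more fragments per request.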
For its part, CloudFlare provided details about the networks involved, along with the steps network administrators should take to fix their infrastructure if their machines were used in the attack. CloudFlare also said that while the recent NTP attacks represented a new type of massive attack, there are other SNMP exploits that attackers could use in the future, and that the company would continue to work hard to ensure its customers are protected from all large-scale attacks.