PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Record-Breaking DDoS Attack Nears 400 Gbps

Angela Moscaritolo
 & Angela Moscaritolo Managing Editor, Consumer Electronics

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Web security company CloudFlare on Monday evening battled a massive distributed denial of service (DDoS) attack that has eclipsed Spamhaus as the largest-ever such assault.

The attack, targeting one of CloudFlare's clients, peaked yesterday "just shy" of 400 gigabits per second, the company's CEO Matthew Prince told PCMag. In comparison, last year's record-breaking attack on Spamhaus reached 300 Gbps. A "normal" DDoS attack that might take down a bank website, for instance, is around 50 Gbps.

"The attack wasn't extraordinary except that it was quite large," Prince said.

Attackers leveraged weaknesses in the Network Time Protocol (NTP), which is used to synchronize computer clocks, to flood the European servers with data. While researchers have long-predicted that NTP might someday become a vector for DDoS attacks, the trend has only recently become popular, causing an issue for some gaming websites and service providers, CloudFlare wrote in a blog post last month.

"This vector has been rising in popularity over the last 6 months and is now responsible for some of the largest attacks we mitigate across our network," Prince said. "NTP amplification takes advantage of misconfigured network time servers (the systems used to synchronize clocks across servers)."

Monday's attack targeted a single customer, but it was so large that it affected CloudFlare's entire global network. The company did not reveal which of its customers was targeted.

"We were able to mitigate the attack but did see network congestion (slowness) in Europe at the peak of the attack," Price said.

DDoS attacks aim to overload a victim's servers by flooding them with more data than they can handle. Such attacks can disrupt a victim's business, or knock its website offline.

Experts now warn that this attack could be just the tip of the iceberg. Until all the misconfigured NTP servers are cleaned up, attacks of this nature will continue. Network administrators can see whether they are running a misconfigured NTP server by visiting the Open NTP Project.

"Someone's got a big, new cannon. Start of ugly things to come," Prince tweeted Monday. "These NTP reflection attacks are getting really nasty," he added.

For more, check out Understanding the SpamHaus DDoS Attack.

About Our Expert

Angela Moscaritolo

Angela Moscaritolo

Managing Editor, Consumer Electronics

My Experience

I'm PCMag's managing editor for consumer electronics, overseeing an experienced team of analysts covering smart home, home entertainment, wearables, fitness and health tech, and various other product categories. I have been with PCMag for more than 10 years, and in that time have written more than 6,000 articles and reviews for the site. I previously served as an analyst focused on smart home and wearable devices, and before that I was a reporter covering consumer tech news. I'm also a yoga instructor, and have been actively teaching group and private classes for nearly a decade. 

Prior to joining PCMag, I was a reporter for SC Magazine, focusing on hackers and computer security. I earned a BS in journalism from West Virginia University, and started my career writing for newspapers in New Jersey, Pennsylvania, and West Virginia.

The Technology I Use

My little Florida beach bungalow is brimming with smart home tech. I have a smart speaker or display in every room, allowing me to control other connected devices by voice. The Nest Hub on my bedside table lets me set wake-up alarms, control my smart light bulbs, and set the temperature on my smart thermostat. I use the Amazon Echo Show 8 on my kitchen counter to browse recipes, reorder protein powder, check the weather, and watch the news while I do dishes. 

Because I suffer from allergies, air purifiers are essential. My favorite model is the Dyson Purifier Cool TP07, which doubles as a fan and continuously sends indoor pollution data to its companion mobile app. 

My pitbull Bradley sheds, so a good robot vacuum is a must. I currently use a premium Ecovacs Deebot that can both vacuum and mop, empty its own dustbin, and wash its own mop cloth. 

For fitness, I like to mix up my routine with cycling, indoor rowing, running, and strength training in addition to yoga. I take classes on the Tonal 2 smart strength training machine, I row indoors on an Aviron machine, and track my beach runs with an Apple Watch while listening to music on my Apple AirPods Pro. On the weekends, I love riding e-bikes like the rugged, beach-friendly Aventon Aventure for fun and fitness.

My job involves a lot of virtual meetings, so a quality webcam, microphone, and ring light are important. I use the Jabra PanaCast 20 webcam, the Elgato Wave: 3 microphone, and a Yesker tripod ring light. 

As for my preferred phone platform, I'm an iPhone person, but I've also extensively used Android for product testing.

Read the latest from Angela Moscaritolo

Read full bio