Micron21 provides network DDoS protection as-a-service for customers within our Datacentre. We also protect Australian and International networks via our Soak and Scrub Service.
We often report on large scale DDoS attacks that we mitigate for our customers, the latest being a 90gbit attack on the 14th of January 2016, however this time we would like to report something 'different'.
On the 29th of June 2016, an Australian VOIP provider that we protect, received a small scale 3gbit NTP DDoS attack which lasted for 40 minutes. Whilst a 3gbit NTP attack by itself is nothing special to report on, what was interesting was how well-crafted the attack was – using an Australian network to attack another Australian network.
In this attack, all NTP attack traffic originated from within Australia – reflected from Optus Speed Test Mirrors. These mirrors are distributed across Melbourne, Brisbane and Perth, and were targeting the Australian client.
NMAP – Monlist
Using 'nmap' and a monlist script we probed an Optus Speed Test mirror, which was rejecting traffic towards our customer. We could confirm that the speedtest mirrors were open to NTP amplification using monlist.
The fact that speed test servers are often on extremely high capacity networks makes them a powerful amplification host for NTP DDoS attacks targeting Australian networks from within Australia.
We were easily able to keep this Australian client online for the duration of the attack, because Micron21 are the primary provider of DDoS Protection as-a-service in Australia. The common misconception that DDoS attacks and other cyber security th reats entirely originate from other countries can be a single point of failure for an Australian company or network who only purchase DDoS protection and security on their International links.
If you’d like more information on our premium DDoS services, don’t hesitate to get in touch or visit our services page to learn more. We offer a variety of packages to suit your business requirements.