Size of the Attack on Sony's Servers
Throughout the past week hackers have been taking down Twitch.tv, Xbox Live, PSN, League of Legends, and Battle.net in addition to causing a lot of trouble for Sony Online Entertainment President John Smedley. Seeing so many large and brazen assaults might lead you to think that it takes some pretty incredible stuff to bring them down, but that's not actually the case.
According to tweets (now deleted) from hacker FamedGod claiming credit for bringing down PSN, flooding the PSN servers with 263.35 gigabits per second of junk data brought the gaming service down earlier this week. That's equivalent to 17,556 times the average US connection speed. He claimed to use an "NTP attack."
I spoke with a few security experts including Jill Scharr at consumer electronics site Tom's Guide and Sean Gallagher at Ars Technica. They said that these attacks aren't particularly special. Normally, massive servers are designed to handle hundreds if not thousands of simultaneous requests for information, but hackers have found ways to overwhelm even the best systems by flooding them with useless data.
The PSN attack in particular used Network Time Protocol, or NTP, servers. NTP servers are simply systems that keep track of time and report it to a given set of clients. If you use a Windows PC and you have your computer's clock set to "Update Automatically", it's actually checking in with an NTP server every so often to make sure your computer has the right time. That may seem like an unimportant job, but computers are stunningly precise, and having the wrong time in a computer system can cause a lot of programs to stop working properly.
An NTP attack takes advantage of the fact that these servers regularly connect to thousands of other computers around the world, and uses them to hit targets with massive amounts of data. With a few short commands anyone can request a list of the last several hundred computers an NTP server connected to. Hackers can abuse this by forging their IP address and masquerading as their target. From there, they request massive amounts of data from an NTP server, but instead of it being sent to the attacker (in this case FamedGod), it's directed to their target (PSN).
These attacks are tough to block because all of the data being sent is legitimate, and the servers involved are necessary pieces of internet infrastructure. And according to Arbor Networks, an IT security company, NTP attacks are rapidly gaining size and popularity. That's in no small part due to the proliferation of tools like DNS Flooder, which can magnify the attack by over 50 times.
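The forged-address pattern described above leaves a recognizable trace at the target: NTP replies arriving from servers the target never queried. The following is an added example, not part of the original post, that flags this in flow records; the record layout, the addresses (documentation ranges) and the byte threshold are constructed assumptions.

```python
from collections import defaultdict

NTP_PORT = 123

# Constructed flow records (not from the article):
# (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("192.0.2.10", 51000, "198.51.100.5", 123, 76),    # workstation asks for the time
    ("198.51.100.5", 123, "192.0.2.10", 51000, 76),    # the matching reply
    ("198.51.100.7", 123, "192.0.2.20", 3074, 44000),  # replies nobody asked for
    ("198.51.100.8", 123, "192.0.2.20", 3074, 43560),
    ("203.0.113.9", 123, "192.0.2.20", 3074, 44200),
]


def find_reflection_targets(flows, min_bytes=10_000):
    """Return {target_ip: (unsolicited_bytes, reflector_count)}.

    A reply counts as unsolicited when it comes from UDP port 123 and the
    receiving host never sent a request to that server in this flow set.
    Ordering and time windows are ignored to keep the example short.
    """
    # First pass: remember every (client, server) pair with a real request.
    asked = set()
    for src, _sport, dst, dport, _nbytes in flows:
        if dport == NTP_PORT:
            asked.add((src, dst))

    # Second pass: total up NTP replies that match no request.
    unsolicited = defaultdict(int)
    reflectors = defaultdict(set)
    for src, sport, dst, _dport, nbytes in flows:
        if sport == NTP_PORT and (dst, src) not in asked:
            unsolicited[dst] += nbytes
            reflectors[dst].add(src)

    return {
        ip: (total, len(reflectors[ip]))
        for ip, total in unsolicited.items()
        if total >= min_bytes
    }


if __name__ == "__main__":
    for ip, (total, count) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{ip}: {total} unsolicited NTP bytes from {count} servers")
```

The workstation that requested the time is not flagged, because its reply matches a request it sent; only the host receiving replies it never asked for is reported.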
Cloudflare, another IT security company specializing in DDoS protection, has a full rundown of what an NTP attack is and how it is executed here.
You're reading Numbers, a blog on Kotaku that examines games and culture through the lens of math and statistics. To contact the author of this post, write to firstname.lastname@example.org or find him on Twitter @dcstarkey.
Image credit: CloudFlare