DDoS mitigated; NTP Amplification attack

  • Written by
    Herman Bos
  • Published on

Today we received a DDoS on our network which caused a service interruption for our customers for about 20 minutes. This blogpost is a short report on the impact and nature of the attack.


Impact was network wide and caused degraded service for our customers between 14:45 and 15:08, a little over 20 minutes.

offsite ping statistics from UK monitoring node

The graph shows the impact as seen from our UK monitoring node (off net).

Incoming traffic

Incoming traffic

All our uplinks were saturated. The graphs show average traffic per 5 minutes. This rounds off the real traffic spikes and spreads out the traffic over a longer period but it gives a fair impression on the traffic faced.

NTP amplification

The DDoS was executed through NTP amplification. If you are interested in the type of the attack you can read a good (technical) explaination in this blogpost.

Follow up

DDoS mitigation has our ongoing attention and is a regular discussion topic at the office. The experience today will add to this process and be used to improve our DDoS mitigation.

We would like to thank our upstream providers in their quick response and assistance in mitigating the attack today and apologize to our customers for the service interruption.

Back to overview Newer post: FreeBSD fix/cheat sheet Older post: python parsestring / silently skips entities