Recent denial-of-service attacks taking down League of Legends and other popular gaming services are doing more than just wielding a rarely seen technique to vastly amplify the amount of junk traffic directed at targets. In at least some cases, their devastating effects can deprive celebrity game players of huge amounts of money.
As Ars reported last week, the attacks are abusing the Internet's Network Time Protocol (NTP), which is used to synchronize computers to within a few milliseconds of Coordinated Universal Time. A command of just 234 bytes is enough to cause some NTP servers to return a list of up to 600 machines that have previously used their time-syncing service. The dynamic creates an ideal condition for DoS attacks. Attackers send a modest-sized request to NTP servers and manipulate the commands to make them appear as if they came from one of the targeted gaming services. The NTP servers, which may be located in dozens or even hundreds of locations all over the world, in turn send the targets responses that could be tens or hundreds of times bigger than the spoofed request. The technique floods gaming servers with as much as 100Gbps, all but guaranteeing that they'll be taken down unless operators take specific precautions ahead of time.
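Seen from the target's network, the pattern described above appears in flow data as oversized replies from UDP source port 123, sent by many servers the target never queried. The Python below is an added example, not part of the original article; the flow-record layout, the thresholds, the 48-byte baseline for an ordinary time reply and the one-request-per-server estimate are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

NTP_PORT = 123
NORMAL_NTP_PAYLOAD = 48   # assumed UDP payload size of an ordinary time reply
REQUEST_BYTES = 234       # request size quoted in the article

# Constructed flow records: (src_ip, src_port, dst_ip, udp_payload_bytes, packets)
SAMPLE_FLOWS = [
    ("198.51.100.10", 123, "203.0.113.5", 44000, 100),
    ("198.51.100.11", 123, "203.0.113.5", 44000, 100),
    ("198.51.100.12", 123, "203.0.113.5", 22000, 50),
    ("192.0.2.1", 123, "203.0.113.9", 48, 1),      # ordinary time reply
    ("192.0.2.77", 53, "203.0.113.5", 9000, 20),   # not NTP
]

def find_reflection_targets(flows, min_reflectors=3,
                            min_avg_payload=2 * NORMAL_NTP_PAYLOAD):
    """Group traffic sourced from UDP/123 by destination and flag destinations
    receiving oversized replies from several distinct servers."""
    per_dst = defaultdict(lambda: {"servers": set(), "bytes": 0})
    for src, sport, dst, nbytes, pkts in flows:
        if sport != NTP_PORT or pkts <= 0:
            continue
        if nbytes / pkts < min_avg_payload:
            continue  # average packet size matches a normal time reply
        per_dst[dst]["servers"].add(src)
        per_dst[dst]["bytes"] += nbytes

    alerts = {}
    for dst, agg in per_dst.items():
        count = len(agg["servers"])
        if count >= min_reflectors:
            alerts[dst] = {
                "reflectors": count,
                "bytes": agg["bytes"],
                # Assumption: one 234-byte spoofed request per server.
                "amplification": round(agg["bytes"] / (REQUEST_BYTES * count), 1),
            }
    return alerts

if __name__ == "__main__":
    for dst, info in find_reflection_targets(SAMPLE_FLOWS).items():
        print(dst, info)
```

Feeding the flagged server addresses into upstream filtering requests is the usual next step, since traffic at this volume has to be dropped before it reaches the target's own link.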
Among the recent targets of this type of attack are game servers used by celebrity players who broadcast live video streams of their gaming prowess that are viewed as many as 50,000 times. In some cases, the massive audiences translate into tens of thousands of dollars per month, as ads are displayed beside video feeds of the players blowing away opponents in Dota 2 and other games.