HTL Support News

Read the latest information and thinking on the world of IT Support Services.

HTL’s network partner – C4L responds to NTP amplification DDOS attacks

Dear Customer,


I wanted to write to you to share details surrounding our network, our response to the challenges that all carriers currently face and our plans for further actions to be taken in the coming weeks. Firstly I would like to acknowledge that our network has seen many incidents of high latency in the past 3 months; this is both unprecedented and unacceptable.

The root cause of these incidents is DDoS, (Distributed Denial of Service), attacks; specifically NTP & DNS amplification. This type of malicious attack has seen a major upsurge in frequency across the global Internet, rapidly becoming a major threat to the Internet as a whole, resulting in all Internet Service Providers significantly increasing effort and ingenuity to mitigate against this current threat.

For more details about what an NTP attack is please see our information sheet below:

What steps have we taken already?

It is extremely unfortunate that the recent increase in DDoS attacks has been felt prior to the full deployment of coreTX our new MPLS network; however we have now put in place a number of changes to our existing network to mitigate any DDoS effects in the meantime, this includes:

  • We have doubled the connectivity between our core sites and increased upstream bandwidth to our Tier 1 Internet providers.
  • We have negotiated an unprecedented arrangement with our Tier 1 providers to “rate limit” NTP and DNS traffic to our network. Traffic of this nature is limited to a maximum of 200Mbps, thus NTP or DNS attacks will not affect the business as usual capabilities of the network.
  • We have deployed an additional router on LINX to improve DDoS protection and prevent attacks from entering our network, together with doubling the capacity of our primary LINX connection.
  • C4L have also identified vulnerable ‘open NTP’ servers linked to our network. We are also engaged in a project to scan nearly 1 million IP addresses in our AS space, to identify devices that could be used in an attack either against us or anyone else on the internet.

This C4L community approach to the project allows us to confirm all C4L infrastructure is secure and that we have alerted all potentially impacted customers so that they can address their vulnerabilities. Necessarily this will always be an on-going project, as new infrastructure is introduced to our network every day.

Further benefits with the coreTX network

As you already know, in mid-2013, C4L took the decision to invest in a major new high performance MPLS network rollout, to protect and improve services for our customers. We instigated a major design project and have made a £2.3M investment in Juniper core hardware, Extreme switching hardware and additional network capacity. This project has now completed substantial testing which has taken longer than originally anticipated, however, I can now confirm that coreTX, will commence live deployment on April 26 2014.

Engineers are scheduling go-live dates at Data Centre locations across the network, allowing us to deliver on our promise; to make C4L’s coreTX network the leading carrier grade network available. Naturally we have embedded excellent DDoS protection, mitigation and traffic management into the network from the start, there are many features and benefits for our customers, including:

  • coreTX deliver an immediate increase in DC to DC bandwidth to 100Gbps, with consequently increases to our upstream Tier 1 connectivity. This one change alone would entirely have mitigated the current challenges our network has faced recently.
  • coreTX rate limits our internal NTP, DNS and SNMP traffic so we can internally control abuse traffic at all times.
  • Juniper hardware is used to ring fence device CPU, ensuring business as usual traffic is always flowing and our devices are always manageable during high traffic demands.
  • We have dramatically reduced convergence times across the network, from seconds to sub 1ms, following any traffic flow interruption, meaning we can reroute and manage traffic far more quickly and effectively.


We are committed to the services we provide. We realise the importance of reliability, stability and consistency and as a result these projects are at the forefront of C4L focus, in some cases we are breaking new ground in the morality of the internet to bring a better service to our customers.

I trust that you can recognise how seriously we take our role as your service provider and that I have demonstrated our commitment and investment to resolving current network problems and designing a network which will support your continued growth.

Kind regards

Simon Mewett

Download: ddos-ntp-amplification-attacks.pdf

Additional Info

  • Page Title: C4L responds to NTP amplification DDOS attacks