Multiple reports suggest the largest-ever DDoS attack - peaking at 400Gbps - has hit targets in the US and Europe, though who is behind the attack and who the victims were remain a mystery.

Last year a DDoS (distributed denial of service) attack on the anti-spamming group Spamhaus was declared the "biggest in the history of the internet" peaking at 300 gigabits per second (Gbps).

On Monday reports from the US and France suggest an attack peaking at 400Gbps had been launched using a new technique which allows an attacker to easily amplify their attack while hiding their identity.

The first report came from Matthew Prince, CEO of DDoS-mitigation company CloudFlare, which was also involved in the Spamhaus attack.

Prince revealed on Twitter that one of his clients was being hit by a very big "NTP-reflection attack", adding that it "appears to be bigger than the #Spamhaus attack from last year."

Prince went on to say the attack was peaking at over 400Gbps, 100Gbps more than the previous biggest known DDoS attack.

Prince refused to reveal which of his clients was being attacked, saying that unlike the Spamhaus incident, he did not have permission to disclose the victim's identity. Prince did reveal that the impact of the attack was being felt more in Europe than in the US.

In France, hosting company OVH reported a similarly-sized attack of "over 350Gbps" in the early hours of Tuesday morning, but it remains unclear if the attacks came from the same source.

What is an NTP Reflection attack?

A reflection attack is a type of DDoS attack which sees the attacker spoof the IP address of the victim and send a packet to a server on the internet which will reply immediately. Because the source IP address is forged, the remote internet server replies and sends the data to the victim, overwhelming the victim's system and knocking them offline.

What makes reflection attacks really powerful is when they are also amplified.

CloudFlare explains: "When a small forged packet elicits a large reply from the server (or servers). It means that an attacker with a relatively small amount of bandwidth can generate a huge amount of potential traffic to flood the victim's website."

The ideal DDoS tool

NTP stands for the Network Time Protocol that is used by machines connected to the Internet to set their clocks accurately. It is a widely used protocol across desktops, servers and even phones to keep their clocks in sync.

According to CloudFlare: "NTP protocol is prone to amplification attacks because it will reply to a packet with a spoofed source IP address and because at least one of its built in commands will send a long reply to a short request. That makes it ideal as a DDoS tool."
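The pattern described above, seen from the side of an NTP server operator, as an added example (not from the original article or from CloudFlare): comparing the bytes received from each claimed client with the bytes sent back shows when the server is being used as a reflector. The flow-record layout, addresses, packet sizes and thresholds are constructed assumptions.

```python
from collections import defaultdict

NTP_PORT = 123
SERVER = "192.0.2.10"  # constructed: our NTP server (documentation address)

# Constructed flow records seen at SERVER:
# (src_ip, src_port, dst_ip, dst_port, udp_payload_bytes)
normal = [("198.51.100.7", 40000, SERVER, NTP_PORT, 48),   # 48-byte time request
          (SERVER, NTP_PORT, "198.51.100.7", 40000, 48)]   # 48-byte time reply
small_request = ("203.0.113.5", 80, SERVER, NTP_PORT, 8)   # source may be forged
large_reply = (SERVER, NTP_PORT, "203.0.113.5", 80, 440)   # lands on 203.0.113.5
SAMPLE_FLOWS = normal * 2 + [small_request] * 3 + [large_reply] * 12


def bytes_by_client(flows, server):
    """Return {client_ip: (bytes_in, bytes_out)} for NTP traffic at `server`."""
    totals = defaultdict(lambda: [0, 0])
    for src, sport, dst, dport, size in flows:
        if dst == server and dport == NTP_PORT:
            totals[src][0] += size      # request claiming to come from src
        elif src == server and sport == NTP_PORT:
            totals[dst][1] += size      # reply delivered to dst
    return {ip: tuple(t) for ip, t in totals.items()}


def suspected_victims(flows, server, min_ratio=5.0, min_bytes_out=1000):
    """Flag addresses that receive far more NTP bytes than they appear to send.

    A high reply/request ratio is the amplification signature: the flagged
    address is probably a spoofed source, i.e. the target of the reflection.
    """
    flagged = {}
    for ip, (bytes_in, bytes_out) in bytes_by_client(flows, server).items():
        if bytes_out < min_bytes_out:
            continue                    # too little traffic to matter
        # Replies with no recorded request at all count as unbounded ratio.
        ratio = bytes_out / bytes_in if bytes_in else float("inf")
        if ratio >= min_ratio:
            flagged[ip] = ratio
    return flagged


if __name__ == "__main__":
    for ip, ratio in suspected_victims(SAMPLE_FLOWS, SERVER).items():
        print(f"{ip}: replies are {ratio:.0f}x the request bytes")
```

An ordinary client stays near a ratio of 1, so a server that flags addresses this way should have the long-reply command restricted or disabled.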

In another tweet, Prince warned that we are likely to see many more attacks like this: "Someone's got a big new cannon. Start of ugly things to come."