US-CERT Warns of Network Time Protocol Amplification DDOS Attacks


US-CERT has issued a warning regarding DDOS attacks that abuse NTP

Security experts have recently warned that cybercriminals are increasingly abusing the Network Time Protocol (NTP) for distributed denial-of-service (DDOS) attacks. Now, even US-CERT has issued a warning regarding NTP amplification attacks.

Such attacks usually rely on the “monlist” command, which enables attackers to send large amounts of traffic to a specified IP address by sending a small request to a vulnerable NTP server.

The easiest way for organizations to ensure that their systems are not abused for such attacks is to upgrade NTP to the latest version (4.2.7), in which the “monlist” command is disabled.

If upgrading is not an option, the functionality can be disabled on public-facing NTP servers by adding the “noquery” directive to the “restrict default” lines in the ntp.conf file. Here is an example of how the lines should look:

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
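One way to audit an ntp.conf for the two lines above, as an added example that is not part of the original article or the NTP project's code. The function names and both sample configurations are constructed for illustration. It assumes, as in the article's example, that a plain "restrict default" line covers IPv4 and that "restrict -6 default" covers IPv6.

```python
import sys

# Constructed sample configurations, not taken from a real host.
WEAK_CONF = """\
# constructed sample: default restrict lines without noquery
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer
restrict 127.0.0.1
"""

HARDENED_CONF = """\
restrict default kod nomodify notrap nopeer noquery   # queries refused
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""

def default_restrict_lines(conf_text):
    """Yield (lineno, family, flags) for each 'restrict [-4|-6] default' line."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop trailing comments
        if not tokens or tokens[0] != "restrict":
            continue
        args = tokens[1:]
        family = "ipv4"   # assumption: no qualifier means IPv4, as in the article
        if args and args[0] in ("-4", "-6"):
            family = "ipv6" if args[0] == "-6" else "ipv4"
            args = args[1:]
        if args and args[0] == "default":
            yield lineno, family, set(args[1:])

def audit(conf_text):
    """Return a list of findings; an empty list means both defaults refuse queries."""
    findings, seen = [], set()
    for lineno, family, flags in default_restrict_lines(conf_text):
        seen.add(family)
        # 'ignore' drops all packets, so it also blocks monlist queries.
        if not flags & {"noquery", "ignore"}:
            findings.append(f"line {lineno}: {family} default restrict lacks noquery")
    for family in ("ipv4", "ipv6"):
        if family not in seen:
            findings.append(f"no {family} 'restrict default' line found")
    return findings

if __name__ == "__main__":
    # Pass a path to audit a real file; otherwise audit the weak sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK_CONF
    for finding in audit(text) or ["OK: default restrict lines include noquery"]:
        print(finding)
```

A configuration with no default restrict line at all is reported as a finding as well, since it leaves the query behaviour to the daemon's built-in default.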
