"Fw: NTP Amplification Attacks Using CVE-2013-5211 | US-CERT" on Show IP Protocols


Show IP Protocols

Jan 17, 2014, 2:23:57 AM
to showipp...@googlegroups.com


Fw: NTP Amplification Attacks Using CVE-2013-5211 | US-CERT

Posted: 16 Jan 2014 03:54 AM PST

Screen capture of this alert page.

If you are running the NTP daemon, remember to upgrade to version 4.2.7, or just disable the “monlist” functionality.


NTP Amplification Attacks Using CVE-2013-5211 | US-CERT

Overview

A Network Time Protocol (NTP) Amplification attack is an emerging form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible NTP servers to overwhelm a victim system with UDP traffic.

I believe IT administrators should react immediately, even if you run the NTP daemon only inside your corporate network. Any insider who knows this caveat could easily get you into trouble.


How to disable "monlist"?
To disable “monlist” functionality on a public-facing NTP server that cannot be updated to 4.2.7, add the “noquery” directive to the “restrict default” line in the system’s ntp.conf, as shown below:

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
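
An added example, not part of the original post or the US-CERT alert: a small Python check that reads ntp.conf text and reports default restrict lines that lack noquery. It assumes a bare "restrict default" is the IPv4 line and "restrict -6 default" the IPv6 line, as in the two lines above; the function name and the sample configs are constructed for illustration.

```python
# Added example: audit ntp.conf text for the "noquery" mitigation described above.
# Assumption: a bare "restrict default" is treated as the IPv4 line and
# "restrict -6 default" as the IPv6 line, matching the two lines on this page.
BLOCKS_QUERIES = {"noquery", "ignore"}  # "ignore" drops every packet, queries included

def audit_ntp_conf(conf_text):
    """Return a list of (problem, line_number, family) findings; empty means
    both default restrict lines refuse ntpq/ntpdc queries such as monlist."""
    findings = []
    seen = set()
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()  # strip comments, then tokenize
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        args = tokens[1:]
        family = "ipv4"
        if args[0] in ("-4", "-6"):
            family = "ipv6" if args[0] == "-6" else "ipv4"
            args = args[1:]
        if not args or args[0] != "default":
            continue  # per-host and per-subnet restrict lines are out of scope
        seen.add(family)
        if not BLOCKS_QUERIES & set(args[1:]):
            findings.append(("missing-noquery", lineno, family))
    for family in ("ipv4", "ipv6"):
        if family not in seen:
            findings.append(("no-default-restrict", None, family))
    return findings

# Constructed sample configs (not taken from a real host).
WEAK_CONF = """\
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer   # queries still answered
restrict 127.0.0.1
server 0.pool.ntp.org iburst
"""

HARDENED_CONF = """\
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ntp_conf(conf) or "ok")
```

An empty result means every default restrict line carries noquery (or ignore); a "no-default-restrict" finding means that address family has no default line to carry it.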

Where to get updated NTP Daemon software?

NTP Download Page is here.

References

NTP Amplification Attacks Using CVE-2013-5211 | US-CERT