US-CERT warns of new DDoS technique

IT organizations were warned again yesterday, about a new type of distributed denial-of-service (DDoS) attack which takes advantage of unprotected old Network Time Protocol (NTP) servers to overwhelm their victims’ systems.

The NTP servers supports a monitoring service that allows administrators to query the server for traffic counts of connected clients. This information is accessed through the “monolist” command, according to an alert issued this week by the United States – Computer Emergency Readiness Team.

NTP amplification attackers are able to exploit the monolist feature because it is typically enabled by default on older NTP-capable devices. Security experts have long known that NTP application attacks where possible but many of them recently found out how effective this method was in the recent rash of DDoS attacks on gaming sites.

“The basic attack technique consists of an attacker sending a “get monolist” request to a vulnerable NTP server, with the source addressed spoofed to be the victim’s address,” the US-CERT post said. “Due to the spoofed source address, when the NTP server sends the response, it is sent to the victim.”

The command results in the transmission to the victim’s system of the last 600 Internet Protocol addresses which connected to the NTP server.

Since the size of the response in usually considerably larger that the request, according to the security team, the attacker is able to amplify the volume of traffic directed at the victim. Apart from that, because the responses are legitimate data coming from a valid server, it is difficult for systems to block such an attack.

“The only solution is to disable the monolist within the NTP server or to upgrade to the latest version of NTP (4.2.7) which disables the monolist functionality,” the US-CERT advisory said.

For instructions on how to detect an NTP amplification attack and how to mitigate it, click here.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Nestor E. Arellano
Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now