UDP protocols such as NTP can be abused to amplify denial-of-service attack traffic. NTP servers running ntpd versions prior to 4.2.7p26 with the default, unrestricted query configuration can be used as reflectors in a distributed reflected denial-of-service (DRDoS) attack. Other proprietary NTP implementations may also be affected.
This is similar in scope to DNS amplification attacks.
In a reflected denial-of-service attack, the attacker spoofs the source address of the request traffic, replacing it with the target's address so that the server's replies are delivered to the target instead of the attacker. Certain NTP control messages return responses many times larger than the query that triggers them, giving a significant bandwidth amplification factor (BAF).
An unauthenticated remote attacker may leverage the vulnerable NTP server to conduct a distributed reflective denial-of-service (DRDoS) attack on another user.
Apply an update: upgrade ntpd to version 4.2.7p26 or later.
Check whether amplified responses are enabled on your own NTP servers.
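As an added example (not part of this note and not ntpd's own code), the following Python script shows the three checks a defender would want here: computing a bandwidth amplification factor from request and response sizes, a flow-log heuristic run over constructed flow records to flag hosts that a server may be reflecting traffic at, and an audit of ntp.conf for the `restrict default ... noquery` and `disable monitor` directives. Those two directives are real ntpd configuration keywords; the configuration fragments, addresses, packet sizes and thresholds are all constructed for this example, and the note itself does not prescribe this particular way of checking.

```python
"""Defender-side checks for NTP-based reflection amplification.

Added example (not part of the original vulnerability note). It shows:
  1. how a bandwidth amplification factor (BAF) is computed,
  2. a flow-log heuristic that flags peers the server may be reflecting at,
  3. an ntp.conf audit for the two settings that close the query vector.
Sample flows, packet sizes and config files are constructed for this example.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

NTP_PORT = 123


def bandwidth_amplification_factor(request_bytes: int, response_bytes: int) -> float:
    """BAF = bytes the reflector sends / bytes the requester sends (UDP payload)."""
    if request_bytes <= 0 or response_bytes < 0:
        raise ValueError("sizes must be positive")
    return response_bytes / request_bytes


# A flow record as the NTP server (the potential reflector) would see it:
# (src_ip, src_port, dst_ip, dst_port, payload_bytes)
Flow = Tuple[str, int, str, int, int]

SERVER = "192.0.2.10"  # constructed reflector address (RFC 5737 documentation range)

# Constructed flows: one ordinary client doing time sync, and one address that
# is being used as a spoofed source (many small queries in, large answers out).
SAMPLE_FLOWS: List[Flow] = [
    ("198.51.100.5", 40000, SERVER, NTP_PORT, 48),   # normal client request
    (SERVER, NTP_PORT, "198.51.100.5", 40000, 48),   # normal reply, BAF 1
]
for _ in range(20):
    SAMPLE_FLOWS.append(("203.0.113.7", 123, SERVER, NTP_PORT, 8))    # tiny query "from" victim
    SAMPLE_FLOWS.append((SERVER, NTP_PORT, "203.0.113.7", 123, 440))  # large response to victim


def find_reflection_victims(flows: Iterable[Flow], server_ip: str,
                            min_baf: float = 10.0, min_responses: int = 10) -> Dict[str, float]:
    """Return {peer_ip: observed_baf} for peers that receive far more NTP bytes
    than they send us, over at least `min_responses` replies. A peer that
    'asks' with tiny packets and gets large answers many times over is more
    likely a spoofed victim than a real client."""
    bytes_in: Dict[str, int] = defaultdict(int)
    bytes_out: Dict[str, int] = defaultdict(int)
    replies: Dict[str, int] = defaultdict(int)
    for src, sport, dst, dport, size in flows:
        if dst == server_ip and dport == NTP_PORT:
            bytes_in[src] += size
        elif src == server_ip and sport == NTP_PORT:
            bytes_out[dst] += size
            replies[dst] += 1
    suspects: Dict[str, float] = {}
    for peer, out in bytes_out.items():
        inbound = bytes_in.get(peer, 0)
        if replies[peer] >= min_responses and inbound > 0:
            baf = bandwidth_amplification_factor(inbound, out)
            if baf >= min_baf:
                suspects[peer] = baf
    return suspects


# Weak and hardened ntp.conf fragments (constructed). `restrict default ...
# noquery` refuses ntpq/ntpdc-style control queries from everyone while still
# serving time; `disable monitor` switches off the monitoring facility whose
# data the large responses are built from. Both are real ntpd keywords.
WEAK_CONF = """\
server 0.pool.ntp.org
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
"""

HARDENED_CONF = """\
server 0.pool.ntp.org
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
disable monitor
"""

_RESTRICT_DEFAULT = re.compile(r"^\s*restrict\s+(?:-[46]\s+)?default\b(.*)$", re.M)
_DISABLE_MONITOR = re.compile(r"^\s*disable\b.*\bmonitor\b", re.M)


def audit_ntp_conf(conf: str) -> Dict[str, bool]:
    """Report whether every `restrict default` line carries `noquery` and
    whether `disable monitor` is set. A missing `restrict default` line counts
    as open, because ntpd answers queries from any source unless restricted."""
    defaults = _RESTRICT_DEFAULT.findall(conf)
    noquery_everywhere = bool(defaults) and all("noquery" in flags.split() for flags in defaults)
    return {
        "default_noquery": noquery_everywhere,
        "monitor_disabled": bool(_DISABLE_MONITOR.search(conf)),
    }


if __name__ == "__main__":
    print("BAF for an 8-byte query answered with 440 bytes:",
          bandwidth_amplification_factor(8, 440))
    print("suspect peers:", find_reflection_victims(SAMPLE_FLOWS, SERVER))
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ntp_conf(conf))
```

The flow heuristic is deliberately conservative: it only considers peers that have sent at least one query and received `min_responses` replies, so a single oversized answer to a legitimate monitoring host is not flagged. The audit treats any `restrict default` line without `noquery` (IPv4 or IPv6) as open, since a hardened IPv4 line does nothing for queries arriving over IPv6.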
Thanks to Christian Rossow for reporting this vulnerability.
This document was written by Michael Orlando.
Date First Published: 2014-01-10
Date Last Updated: 2014-08-26 15:00 UTC