Need help? Chat now!

Hostwinds Blog

Search results for:

US-CERT Warns of Abusive DDoS Attacks Featured Image

US-CERT Warns of Abusive DDoS Attacks

by: Bryon Turcotte  /  January 17, 2014

A warning from the United States Computer Emergency Readiness Team (US-CERT) announces an increase in Distributed Denial-of-Service (DDoS) attacks that "_leverage the Network Time Protocol (NTP) to amplify the attack volume_, "according to a recent article published by EWeek. US-CERT outlined how DDoS attacks can take multiple shapes as "_those who commit them leverage different techniques to drown Websites under a flood of traffic_, "as the article indicates.

As clarified in the article, "NTP is a widely deployed Internet protocol that is primarily used as a time-keeping technique for clock synchronization_" – but according to this report, attackers are not simply "_requesting the time from an NTP server to execute DDoS attacks." The article states that the invaders are "abusing a feature in NTP that enables administrators to query an NTP server_" – via a monlist command – to gain information on "_connected clients and their traffic counts."

According to this report, the US-CERT continues to warn by saying, "This command causes a list of the last 600 IP addresses which connected to the NTP server to be sent to the victim. Because the size of the response is typically considerably larger than the request, the attacker is able to amplify the volume of traffic directed at the victim." In addition, the article also quotes the US-CERT warning to say that "since NTP traffic is typically considered legitimate, it can be difficult for administrators to block the attack."

Read more details about the US-CERT warnings, other vulnerabilities, and comments from industry experts regarding the mechanics of these attacks in the full article at EWeek.

Written by Bryon Turcotte  /  January 17, 2014