NTP DDoS: The New Threat

June 16, 2014

Network Time Protocol (NTP) attacks are bursting onto the DDoS scene. Hackers' patterns in the early days of 2014 show us that NTP DDoS attacks are in vogue. Are you ready to protect your website?

 

What is NTP?

As the name suggests, NTP is a networking protocol designed to synchronize time between connected machines. Computers, smartphones, tablets, regardless of their OS, use NTP to make sure everyone’s clock is lined up.

 

How is NTP Abused?

Recently, hackers have come across an exploitable quirk in NTP, and they are using it to bring down networks of all sizes. NTP DDoS takes advantage of an antiquated command in the protocol called ‘monlist’, which requests the previous 600 IPs that communicated with the target server. Normally, the NTP target server can reply to this relatively infrequent request without any problem. However, hackers have figured out that by using botnets to send millions of these monlist requests at once, they can easily bring down a target server.

If you have some experience with DDoS, you might be saying to yourself, “this attack method sounds an awful lot like DNS amplification,” and you would be correct. DNS amplification DDoS can multiply a request from botnet to target by a factor of eight. But with the monlist command, the NTP amplification factor can reach over 600x (the factor compares the amount of data in the request with the amount of data in the response).
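A defender's view of the same ratio, added here as an example and not code from the original article: it recognises monlist queries and replies in UDP port 123 payloads and measures response bytes against request bytes per server/client pair. The header layout and request codes follow ntpd's mode 7 format; the sample packets, their sizes, the addresses and the `min_factor` threshold are constructed assumptions.

```python
import struct
from collections import defaultdict

NTP_PORT = 123
MODE_PRIVATE = 7        # ntpd "private" mode, the one ntpdc queries use
IMPLS = {2, 3}          # IMPL_XNTPD_OLD, IMPL_XNTPD
REQ_MONLIST = {20, 42}  # REQ_MON_GETLIST, REQ_MON_GETLIST_1

def classify(payload: bytes):
    """Return 'request', 'response' or None for one UDP/123 payload."""
    if len(payload) < 8:
        return None
    first, _seq, impl, req, nitems, size = struct.unpack("!BBBBHH", payload[:8])
    if (first & 0x07) != MODE_PRIVATE or impl not in IMPLS or req not in REQ_MONLIST:
        return None
    if not (first & 0x80):              # response bit clear
        return "request"
    # A well-formed response is the 8-byte header plus nitems * itemsize bytes.
    body = (nitems & 0x0FFF) * (size & 0x0FFF)
    return "response" if len(payload) == 8 + body else None

def amplification(flows, min_factor=10.0):
    """flows: (src, sport, dst, dport, payload) tuples. Returns
    {(server, client): response_bytes / request_bytes} at or above min_factor."""
    sent, returned = defaultdict(int), defaultdict(int)
    for src, sport, dst, dport, payload in flows:
        kind = classify(payload)
        if kind == "request" and dport == NTP_PORT:
            sent[(dst, src)] += len(payload)
        elif kind == "response" and sport == NTP_PORT:
            returned[(src, dst)] += len(payload)
    factors = {pair: returned[pair] / n for pair, n in sent.items()}
    return {pair: f for pair, f in factors.items() if f >= min_factor}

# Constructed sample traffic using documentation addresses, not a real capture.
REQ = bytes([0x17, 0x00, 0x03, 0x2A]) + bytes(44)              # 48-byte query
RESP = bytes([0x97, 0x00, 0x03, 0x2A, 0x00, 0x06, 0x00, 0x48]) + bytes(6 * 72)
TIME_SYNC = bytes([0x23]) + bytes(47)                          # ordinary mode 3 packet
SAMPLE = ([("198.51.100.7", 40000, "192.0.2.10", 123, REQ)]
          + [("192.0.2.10", 123, "198.51.100.7", 40000, RESP)] * 100
          + [("203.0.113.5", 50000, "192.0.2.10", 123, TIME_SYNC)])

if __name__ == "__main__":
    for (server, client), factor in amplification(SAMPLE).items():
        print(f"{server} -> {client}: monlist amplification {factor:.0f}x")
```

The factor it reports depends on the request size and on how many entries the server's monitor list holds, so the constructed sample is an illustration and not a measurement.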

 

Record Broken

In February, several high-profile companies were hit with NTP DDoS attacks....

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023