Don't be a DDoS dummy: Patch your NTP servers, plead infosec bods

Popular attack method could be stopped with a config tweak

Security researchers have responded to recent denial of service attacks against gaming websites and service providers that rely on insecure Network Time Protocol servers by drawing up a list of vulnerable systems.

Network Time Protocol (NTP) offers a means of synchronising clocks over a computer network. Features of the simple UDP-based protocol mean it is possible to abuse it to return a large reply to a small request.

The technique was used to take down Battle.net, League of Legends, Steam and other gaming sites in late December for reasons that still remain unclear, weeks later.

Symantec recorded a "significant spike in NTP reflection attacks" in general over the Christmas season.

DNS-based reflection and amplification attacks were used in high-volume attacks against Spamhaus and others in 2013. "NTP-based attacks use similar techniques, just a different protocol," explains CloudFlare, the web security firm that helped Spamhaus mitigate last year's packet flood.

Open NTP servers are the new open DNS resolvers. In just the same way that openresolverproject.org set out to list open DNS resolvers, a new service called openntpproject.org lists open NTP servers.

The message to web admins and ISPs in both cases is clear: fix your servers and prevent them from participating in amplification attacks. Resolving misconfiguration problems in either case is straightforward and shouldn't take more than a few minutes. In the case of open DNS resolvers the fix involves configuration changes, while open NTP servers can be taken out of the pool of systems open to abuse by cybercrooks through either patching or disabling an abusable service.

Publicly accessible NTP servers can be abused to swamp a target system with UDP traffic. An attacker would send a series of "get monlist" requests to a vulnerable NTP server, with the source address spoofed to be the victim’s.

US-CERT advises sysadmins to either disable the monlist functionality within the NTP server or to upgrade to the latest version of the technology (NTP 4.2.7), which doesn't automatically enable the problematic monlist service. A small query can redirect megabytes of traffic, security experts at the SANS Institute's Internet Storm Centre warn.
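A defender-side check that follows from the above, added here as an example and not taken from the article or from any of the organisations it quotes: given flow records for a server you operate, flag peers that received far more NTP traffic from it than they ever sent, which is the signature of spoofed monlist requests being reflected at a victim. The flow format, the server address 192.0.2.10 and the sample records are all constructed for the example.

```python
from collections import defaultdict

NTP_SERVER = "192.0.2.10"   # assumed address of the NTP server we operate
NTP_PORT = 123

# Constructed flow records: src sport dst dport proto packets bytes.
# First pair: a normal client exchange (small request, small reply).
# Second pair: requests whose source is spoofed to 203.0.113.5, answered
# by a burst of large monlist-style replies sent toward that address.
SAMPLE_FLOWS = """\
198.51.100.7 49152 192.0.2.10 123 udp 1 90
192.0.2.10 123 198.51.100.7 49152 udp 1 90
203.0.113.5 123 192.0.2.10 123 udp 2 180
192.0.2.10 123 203.0.113.5 123 udp 200 96400
"""

def parse_flows(text):
    """Parse whitespace-separated flow records into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, sport, dst, dport, proto, pkts, nbytes = line.split()
        flows.append({"src": src, "sport": int(sport), "dst": dst,
                      "dport": int(dport), "proto": proto,
                      "pkts": int(pkts), "bytes": int(nbytes)})
    return flows

def amplification_by_peer(flows, server=NTP_SERVER):
    """Map each peer to (bytes_in, bytes_out, out/in ratio) for UDP/123."""
    bytes_in, bytes_out = defaultdict(int), defaultdict(int)
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["dst"] == server and f["dport"] == NTP_PORT:
            bytes_in[f["src"]] += f["bytes"]      # requests (source may be spoofed)
        elif f["src"] == server and f["sport"] == NTP_PORT:
            bytes_out[f["dst"]] += f["bytes"]     # replies our server emitted
    stats = {}
    for peer in set(bytes_in) | set(bytes_out):
        i, o = bytes_in[peer], bytes_out[peer]
        stats[peer] = (i, o, o / i if i else float("inf"))
    return stats

def suspected_reflection_targets(flows, min_ratio=10.0, min_bytes_out=10_000):
    """Peers that got far more from our server than they sent it: likely victims."""
    return sorted(peer for peer, (i, o, ratio) in amplification_by_peer(flows).items()
                  if ratio >= min_ratio and o >= min_bytes_out)
```

The thresholds are starting points to tune against your own baseline; a healthy server's per-peer ratio sits near 1, as the first sample pair shows.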

The Open NTP Project is a useful resource in helping to identify vulnerable systems because it allows sysadmins to use external IP addresses to search through a ready-compiled database of affected machines, as explained in a blog post by cloud security firm Qualys here. ®
