Feeds

Sysadmins rejoice! Patch rampage killing off nasty DDoS attack vector

Server fleet open to NTP attack drops from 400k to just 17,000

Secure remote control for conventional and virtual desktops

Sysadmins rejoice! NSFOCUS researchers say hundreds of thousands of Network Time Protocol (NTP) servers have been patched, reducing the threat from some devastating and cheap distributed denial of service (DDoS) attacks.

The patching rampage saw the number of vulnerable NTP servers drop from 432,120 at the start of the year to 17,647 in May.

The sharp decline followed alerts by Computer Emergency Response Teams (CERTs) and the media to a rise in powerful NTP reflection DDoS attacks that deluged websites and servers with record levels of junk traffic.

Using NTP servers for DDoS attacks offers resourced-starved assailants huge bang for buck. Small packets can be sent to insecure NTP servers, normally used to synchronise clocks, which would then return an amount of data magnified many hundred-fold to a target of the attacker's choosing.

Instances of NTP DDoS attacks appeared to spike earlier this year when popular gaming servers and enterprises were knocked offline under the traffic streams tipping 400 Gbps in February and in separate attacks peaking 800 Gbps in March.

Patches closed off or restricted monlist functions used in the attacks which normally provided a list of the previous 600 boxes that communicated with a NTP server. Villains would spoof monlist requests from victim machines which would then be heavily DDoSed.

NSFOCUS wrote in a report that the patching effort was laudable but more work needed to be done.

"The decline in vulnerable servers indicates that many network and system administrators have taken the necessary steps to disable or restrict monlist functions; however proper steps should be taken to ensure the rest of the vulnerable servers are protected," the company wrote.

"US-CERT and Network Time Protocol strongly advise system administrators to upgrade ntpd to version 4.2.7p26 or later. Users of earlier versions of 4.2.7p26 should either use noquery in the default restrictions to block all status queries, or use disable monitor to disable the ntpdc – c monlist command while still allowing other status queries." ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.