Feeds

Sysadmins rejoice! Patch rampage killing off nasty DDoS attack vector

Server fleet open to NTP attack drops from 400k to just 17,000

Top 5 reasons to deploy VMware with Tegile

Sysadmins rejoice! NSFOCUS researchers say hundreds of thousands of Network Time Protocol (NTP) servers have been patched, reducing the threat from some devastating and cheap distributed denial of service (DDoS) attacks.

The patching rampage saw the number of vulnerable NTP servers drop from 432,120 at the start of the year to 17,647 in May.

The sharp decline followed alerts by Computer Emergency Response Teams (CERTs) and the media to a rise in powerful NTP reflection DDoS attacks that deluged websites and servers with record levels of junk traffic.

Using NTP servers for DDoS attacks offers resourced-starved assailants huge bang for buck. Small packets can be sent to insecure NTP servers, normally used to synchronise clocks, which would then return an amount of data magnified many hundred-fold to a target of the attacker's choosing.

Instances of NTP DDoS attacks appeared to spike earlier this year when popular gaming servers and enterprises were knocked offline under the traffic streams tipping 400 Gbps in February and in separate attacks peaking 800 Gbps in March.

Patches closed off or restricted monlist functions used in the attacks which normally provided a list of the previous 600 boxes that communicated with a NTP server. Villains would spoof monlist requests from victim machines which would then be heavily DDoSed.

NSFOCUS wrote in a report that the patching effort was laudable but more work needed to be done.

"The decline in vulnerable servers indicates that many network and system administrators have taken the necessary steps to disable or restrict monlist functions; however proper steps should be taken to ensure the rest of the vulnerable servers are protected," the company wrote.

"US-CERT and Network Time Protocol strongly advise system administrators to upgrade ntpd to version 4.2.7p26 or later. Users of earlier versions of 4.2.7p26 should either use noquery in the default restrictions to block all status queries, or use disable monitor to disable the ntpdc – c monlist command while still allowing other status queries." ®

Beginner's guide to SSL certificates

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.