[time-nuts] NTP as vector for DDOS attacks?

Chris Albertson albertson.chris at gmail.com
Fri Jan 10 19:52:59 UTC 2014


It's not a big deal.  Even if one pool NTP server is down, there are
literally hundreds of others and most NTP users are configured to look at
between three and five.   Not only that, the POOL servers are randomly
assigned, so if one of your NTP servers is taken down, next time it is
unlikely you'd get hooked up to the same pool server.

Basically, taking down an NTP server is just like a kid at school covering
over a clock so "no one will know what time it is".  The easy solution is
that everyone will just look at a different clock.

I actually doubt you could take down a public NTP server unless you used a
distributed attack with thousands of PCs all sending packets.


On Fri, Jan 10, 2014 at 4:32 AM, Jim Lux <jimlux at earthlink.net> wrote:

> http://arstechnica.com/security/2014/01/dos-attacks-that-took-down-big-game-sites-abused-webs-time-synch-protocol/
>
> Interesting.. throw requests at an NTP server that look as if they come
> from the target, prompting large responses to the victim, presumably to
> overload it.
>
>
> The article talks about how the victim site can easily filter out the
> messages from the NTP server, but does not seem to discuss the "societal"
> impact of potentially screwing up a public service (the NTP server)



-- 

Chris Albertson
Redondo Beach, California


