Ferrum Technology Services Blog

Ferrum Technology Services has been serving the Elgin area since 2007, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Security Alert: NTP Attacks Are On The Rise

Recently, hackers have been exploiting a hole in the default Linux NTP (Network Time Protocol) server to perform denial-of-service attacks. Your PBX or other internal servers use this service to display the correct time on your phones or other devices. You are susceptible to this attack if you have UDP port 123 open to the internet and forwarded to an internal server.

This PC World article will explain it better than I ever could…

So how do you fix it? Here’s where I’m going to get technical; if you’re not technical, get someone who is to read this article. You can reconfigure your NTP server in one or more of these ways:

  1. If you run ntpd, upgrading to the latest version, which removes the “monlist” command that is used for these attacks; alternately, disabling the monitoring function by adding “disable monitor” to your /etc/ntp.conf file.
  2. Setting the NTP installation to act as a client only. With ntpd, that can be done with “restrict default ignore” in /etc/ntp.conf; other daemons should have a similar configuration option. More information on configuring different devices can be found here: https://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html.
  3. Adjusting your firewall or NTP server configuration so that it only serves your users and does not respond to outside IP addresses.

If you don’t mean to run a public NTP server, we recommend #1 and #2. If you do mean to run a public NTP server, we recommend #1, and also that you rate-limit responses to individual source IP addresses — silently discarding those that exceed a low number, such as one request per IP address per second. Rate-limit functionality is built into many recently-released NTP daemons, including ntpd, but needs to be enabled; it would help with different types of attacks than this one.
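To check an existing /etc/ntp.conf against fixes #1 and #2, here is a small auditor, added as an example and not part of the original post. The function name `audit_ntp_conf` and both sample configurations are made up for illustration; the parser only looks at `disable monitor`, `restrict` and `server` lines and matches upstream addresses by literal string.

```python
# Added example: audits ntp.conf text against fixes #1 and #2 above (client-only case).

def audit_ntp_conf(text):
    """Return findings for an ntpd config that should act as a client only."""
    monitor_disabled = False
    default_flags = []      # one set of flags per "restrict default" line
    restricted = set()      # addresses that have their own restrict line
    servers = []            # upstream time sources
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()          # strip comments
        if len(words) < 2:
            continue
        keyword, args = words[0], words[1:]
        if keyword in ("disable", "enable") and "monitor" in args:
            monitor_disabled = keyword == "disable"   # checker keeps the last one seen
        elif keyword == "server":
            servers.append(args[0])
        elif keyword == "restrict":
            if args[0] in ("-4", "-6") and len(args) > 1:   # optional address family
                args = args[1:]
            if args[0] == "default":
                default_flags.append(set(args[1:]))
            else:
                restricted.add(args[0])
    findings = []
    if not monitor_disabled:
        findings.append("fix #1 missing: add 'disable monitor'")
    if not default_flags or any("ignore" not in f for f in default_flags):
        findings.append("fix #2 missing: add 'restrict default ignore'")
    else:
        # A default of ignore also drops upstream replies unless each has its own line.
        for addr in servers:
            if addr not in restricted:
                findings.append(f"no restrict line for upstream {addr}")
    return findings

# Constructed samples; 192.0.2.10 is a documentation address, not a real time server.
EXPOSED = """
server 192.0.2.10 iburst
restrict default nomodify notrap
"""
HARDENED = """
disable monitor                      # fix #1
restrict default ignore              # fix #2
restrict 127.0.0.1
restrict 192.0.2.10 nomodify notrap noquery
server 192.0.2.10 iburst
"""
if __name__ == "__main__":
    print(audit_ntp_conf(EXPOSED), audit_ntp_conf(HARDENED))
```

The third check matters in practice: with “restrict default ignore” in place, a time source without its own restrict line is ignored as well, and the clock quietly stops syncing.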

Fixing open NTP servers is important; with the 400x+ amplification factor of NTP DRDoS attacks — one 40-byte-long request usually generates 18252 bytes worth of response traffic — it only takes one machine on an unfiltered 1 Gbps link to create a 450+ Gbps attack!
