• No events
AEC v1.0.4

Cyber Security Info

Network Time Protocol used for amplified DDoS attacks

January 15, 2014

Share Button

U.S. CERT warns that the attackers use vulnerability CVE-2013-5211 in the Network Time Protocol. The attacker sends a monlist command to the vulnerable NTP server with spoofed address of the victim. That makes the list of last 600 IP addresses to be sent to the victim causing amplification of the DDoS attack. The NTP DDoS is difficult to block since the data are valid responses from legitimate servers. Operators of NTP servers should update ntpd to the version 4.2.7 or disable the monlist feature.

Share Button