by Michael Mimoso June 24, 2014
While patching of webservers vulnerable to the Heartbleed OpenSSL bug may have stalled, the same cannot be said about repairs to NTP servers that could be leveraged in devastating amplification attacks.
A spate of distributed denial-of-service attacks (DDoS) tore through companies in January and February, some reaching 400 Gbps and keeping critical services offline. Attackers took advantage of a weakness in the Network Time Protocol (NTP) to send copious amounts of traffic to spoofed destinations. The DDoS attacks were cheap and easy to pull off, and garnered the concern of among others US-CERT, which issued an advisory in January at the height of the takedowns.
Full Article
Dramatic Drop in Vulnerable NTP Servers Used in DDoS Attacks
Userlevel 7
+54
Userlevel 7
+56
Interesting - I know a lot of people block NTP for this reason.
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.