Question: There have been a few stories lately about NTP attacks on websites. I think it is a form of DDoS attack, but what makes it different? How does an NTP attack work?
Answer: NTP is Network time protocol and it’s used to synchronize a computer's time with a time server. NTP uses UDP protocol on port 123 for communication.
In an NTP (reflection) attack, the attacker sends a crafted packet requesting a large amount of data to the time server. NTP commands like Monlist, available on older versions of NTP are used in the crafted packet to get a historical list of computers who connected to the time server. The list of servers can be used thereafter to attack or infect them at a later time.
Source
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.