Because NTP runs over UDP, which has no handshake to confirm the sender's address, and because it answers certain queries with much more data than the query itself contains, an amplification attack can tremendously increase the amount of traffic hitting a DoS (denial-of-service) target. TCP-based services require a handshake with the initial sender before replying, and so are not easily usable for amplification attacks.
US-CERT has posted resolution steps for admins of systems with this vulnerability. The Open NTP Project also provides a scanner to help identify vulnerable systems.
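As an added example (not from US-CERT or the Open NTP Project), an admin can check whether their own NTP server is returning far more bytes than it receives by comparing request and reply volume per remote address in flow records. The record layout, the sample addresses and byte counts, and the 2.0 threshold are all assumptions made for illustration.

```python
from collections import defaultdict

NTP_PORT = 123

# Constructed sample flow records, not real traffic:
# (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "192.0.2.10", 123, "udp", 76),    # ordinary time request
    ("192.0.2.10", 123, "198.51.100.7", 40000, "udp", 76),    # reply of the same size
    ("203.0.113.5", 53211, "192.0.2.20", 123, "udp", 50),     # small query
    ("192.0.2.20", 123, "203.0.113.5", 53211, "udp", 4400),   # much larger reply
    ("203.0.113.5", 53212, "192.0.2.20", 123, "udp", 50),
    ("192.0.2.20", 123, "203.0.113.5", 53212, "udp", 4400),
    ("198.51.100.9", 44123, "192.0.2.20", 443, "tcp", 500),   # not NTP, ignored
]


def amplification_by_server(flows):
    """Return {(server, remote): (bytes_in, bytes_out, ratio)} for UDP/123."""
    totals = defaultdict(lambda: [0, 0])
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        # Peer-to-peer NTP uses port 123 on both sides; skip it so that
        # request and reply directions stay unambiguous.
        if dport == NTP_PORT and sport != NTP_PORT:
            totals[(dst, src)][0] += nbytes      # request toward the server
        elif sport == NTP_PORT and dport != NTP_PORT:
            totals[(src, dst)][1] += nbytes      # reply leaving the server
    result = {}
    for key, (bytes_in, bytes_out) in totals.items():
        # Replies with no recorded request count as unbounded amplification.
        ratio = bytes_out / bytes_in if bytes_in else float("inf")
        result[key] = (bytes_in, bytes_out, ratio)
    return result


def flag_reflectors(flows, threshold=2.0):
    """Servers sending any one remote address more than threshold x what it sent."""
    stats = amplification_by_server(flows)
    return sorted({srv for (srv, _), (_, _, ratio) in stats.items()
                   if ratio > threshold})


if __name__ == "__main__":
    for (srv, remote), (b_in, b_out, ratio) in amplification_by_server(SAMPLE_FLOWS).items():
        print(f"{srv} -> {remote}: in={b_in} out={b_out} ratio={ratio:.1f}")
    print("flagged:", flag_reflectors(SAMPLE_FLOWS))
```

A flagged server is a candidate for the resolution steps mentioned above; the "remote" address in such a pair is likely the spoofed victim rather than the real sender.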