Dec 02, 2014

What is an NTP attack?

There have been a few stories lately about NTP attacks on websites. I think it is a form of DDoS attack, but what makes it different? How does an NTP attack work?
12/13/2014
NTP is Network time protocol and it’s used to synch the time between client and server, it is a UDP protocol and it’s run on port 123.

In the NTP reflection attack the attacker send a crafted packet which request a large amount of date send to the host.
12/04/2014
NTP is Network time protocol and it’s used to synchronize a computer's time with a time server. NTP uses UDP protocol on port 123 for communication.

In an NTP (reflection) attack, the attacker sends a crafted packet requesting a large amount of data to the time server. NTP commands like Monlist, available on older versions of NTP are used in the crafted packet to get a historical list of computers who connected to the time server. The list of servers can be used thereafter to attack or infect them at a later time.
Answer this