Dec 02, 2014

What is an NTP attack?

There have been a few stories lately about NTP attacks on websites. I think it is a form of DDoS attack, but what makes it different? How does an NTP attack work?
NTP is the Network Time Protocol, and it's used to sync the time between client and server. It is a UDP protocol and it runs on port 123.

In the NTP reflection attack, the attacker sends a crafted packet which requests a large amount of data to be sent to the host.
NTP is the Network Time Protocol, and it's used to synchronize a computer's time with a time server. NTP uses the UDP protocol on port 123 for communication.

In an NTP (reflection) attack, the attacker sends a crafted packet requesting a large amount of data to the time server. NTP commands like Monlist, available on older versions of NTP, are used in the crafted packet to get a historical list of computers that connected to the time server. The list of servers can be used thereafter to attack or infect them at a later time.
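
For defenders, the Monlist traffic described in the answers above can be recognised from the first four bytes of a UDP port 123 payload. The following is an added example, not part of the original answers; the function names, the threshold and the sample packets are constructed for illustration, and the request codes 20 and 42 are the monlist codes from ntpd's private (mode 7) protocol.

```python
# Added example: label UDP/123 payloads and count monlist requests per source.
MODE_CLIENT, MODE_SERVER, MODE_CONTROL, MODE_PRIVATE = 3, 4, 6, 7
MONLIST_REQUEST_CODES = {20, 42}  # MON_GETLIST and MON_GETLIST_1 (ntpd mode 7)


def classify_ntp(payload: bytes) -> str:
    """Return a coarse label for one UDP payload seen on port 123."""
    if len(payload) < 4:
        return "malformed"
    mode = payload[0] & 0x07              # low 3 bits of byte 0 are the NTP mode
    if mode == MODE_PRIVATE:
        is_response = bool(payload[0] & 0x80)   # top bit marks a response
        if payload[3] in MONLIST_REQUEST_CODES:  # byte 3 is the request code
            return "monlist-response" if is_response else "monlist-request"
        return "private-other"
    if mode == MODE_CONTROL:
        return "control"
    if mode in (MODE_CLIENT, MODE_SERVER):
        # Ordinary time synchronisation packets are at least 48 bytes long.
        return "time-sync" if len(payload) >= 48 else "malformed"
    return "other"


def monlist_request_counts(packets, threshold=3):
    """packets: iterable of (src_ip, payload) as seen by the time server.

    Returns {src_ip: count} for sources with >= threshold monlist requests.
    In a reflection attack the source address on these requests is the
    address the large replies will be sent to, so it identifies the target.
    """
    counts = {}
    for src, payload in packets:
        if classify_ntp(payload) == "monlist-request":
            counts[src] = counts.get(src, 0) + 1
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed sample traffic (documentation addresses, not a real capture).
CLIENT_QUERY = bytes([0x23]) + bytes(47)                      # VN=4, mode=3
MONLIST_HEADER = bytes([0x17, 0x00, 0x03, 0x2A]) + bytes(4)   # VN=2, mode=7, code=42
SAMPLE = [("192.0.2.10", CLIENT_QUERY)] + [("203.0.113.5", MONLIST_HEADER)] * 4

if __name__ == "__main__":
    print(monlist_request_counts(SAMPLE))
```
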
