NTP DRDoS Attack Vulnerability and Mitigation

Abstract:

The Network Time Protocol (NTP) is used to synchronize the clocks of computer devices such as personal computers, tablets, and phones according to their configured time zones. The devices that use these NTP servers form a huge distributed network, one that attracted a number of attacks from late 2013 to early 2014. This paper presents a hands-on test of the Distributed Reflection Denial of Service (DRDoS) attack based on the monlist command, identifies further vulnerabilities in the protocol, and offers mitigations for them. A Kali Linux server was used to test the monlist command against its own localhost. The results showed that a request of 234 bytes produced a response of 4,680 bytes. A busy NTP server can return up to 600 addresses, which was theoretically calculated to yield approximately 48 kilobytes across 100 packets. Consequently, the amplification factor is about 206×. Understanding how the attack propagates was an important step in thwarting it and in mitigating further threats of the same kind in this protocol.
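The amplification arithmetic in the abstract, seen from the defender's side, as an added Python example that is not part of the paper: it parses the ntpd mode 7 (private/implementation) header to recognise monlist requests and responses, classifies a few constructed UDP payloads so that outbound monlist responses can be flagged, and reproduces the 600-address / 100-packet estimate. The 234-byte request, 600 addresses and 100 packets come from the abstract; the per-datagram constants (6 entries of 72 bytes per response, an 8-byte mode 7 header, and 42 bytes of Ethernet/IPv4/UDP framing) are assumptions of this example, as are the zero-filled sample packets.

```python
"""Defender-side helpers for the NTP monlist (mode 7) amplification scenario.

Added example: the packet layout follows ntpd's mode 7 header (flags, sequence,
implementation, request code, error/count, mbz/size); the framing constants
below are assumptions made for the estimate, not figures from the paper.
"""
from __future__ import annotations

import struct
from dataclasses import dataclass

MODE_CONTROL = 6           # mode 6 control packets (ntpq)
MODE_PRIVATE = 7           # mode 7 private packets (ntpdc), which carry monlist
MON_GETLIST = 20           # older monlist request code
MON_GETLIST_1 = 42         # request code used by "ntpdc -c monlist"
MONLIST_ENTRY_SIZE = 72    # bytes per returned address entry (assumption)
ENTRIES_PER_FRAME = 6      # entries per response datagram (assumption)
MODE7_HEADER = 8           # bytes of mode 7 header
FRAME_OVERHEAD = 42        # Ethernet(14) + IPv4(20) + UDP(8) bytes (assumption)


@dataclass
class Mode7Header:
    response: bool
    more: bool
    version: int
    implementation: int
    request_code: int
    error: int
    count: int
    item_size: int


def ntp_mode(payload: bytes) -> int:
    """The low three bits of the first byte hold the mode for every NTP packet type."""
    if not payload:
        raise ValueError("empty payload")
    return payload[0] & 0x07


def parse_mode7(payload: bytes) -> Mode7Header:
    """Decode the 8-byte mode 7 header; raises if the payload is not mode 7."""
    if len(payload) < MODE7_HEADER:
        raise ValueError("too short for a mode 7 header")
    flags, _seq, impl, reqcode, err_count, mbz_size = struct.unpack(
        "!BBBBHH", payload[:MODE7_HEADER])
    if flags & 0x07 != MODE_PRIVATE:
        raise ValueError("not a mode 7 packet")
    return Mode7Header(
        response=bool(flags & 0x80),      # R bit: set on server replies
        more=bool(flags & 0x40),          # M bit: more datagrams follow
        version=(flags >> 3) & 0x07,
        implementation=impl,
        request_code=reqcode,
        error=err_count >> 12,            # high 4 bits: error code
        count=err_count & 0x0FFF,         # low 12 bits: number of items
        item_size=mbz_size & 0x0FFF,      # low 12 bits: bytes per item
    )


def classify(payload: bytes) -> str:
    """Label a UDP/123 payload; monlist responses are the ones worth alerting on egress."""
    mode = ntp_mode(payload)
    if mode == MODE_PRIVATE:
        hdr = parse_mode7(payload)
        if hdr.request_code in (MON_GETLIST, MON_GETLIST_1):
            return "monlist-response" if hdr.response else "monlist-request"
        return "mode7-other"
    if mode == MODE_CONTROL:
        return "control"
    return "time-sync"


def amplification_ratio(request_bytes: int, response_sizes: list[int]) -> float:
    """Observed bytes returned per byte requested, e.g. the paper's 4,680 / 234 test."""
    return sum(response_sizes) / request_bytes


def estimate_monlist_amplification(request_frame_bytes: int = 234,
                                   entries: int = 600) -> dict:
    """Bytes on the wire for a monlist reply of `entries` addresses, under the
    framing assumptions above, and the resulting amplification factor."""
    frames = -(-entries // ENTRIES_PER_FRAME)          # ceiling division
    total, remaining = 0, entries
    for _ in range(frames):
        n = min(ENTRIES_PER_FRAME, remaining)
        total += FRAME_OVERHEAD + MODE7_HEADER + n * MONLIST_ENTRY_SIZE
        remaining -= n
    return {"frames": frames, "response_bytes": total,
            "factor": total / request_frame_bytes}


def _build_monlist_response(entries: int = ENTRIES_PER_FRAME) -> bytes:
    """Constructed sample: a mode 7 monlist reply datagram with zeroed entry bodies."""
    flags = 0x80 | (2 << 3) | MODE_PRIVATE           # response, version 2, mode 7
    header = struct.pack("!BBBBHH", flags, 0, 3, MON_GETLIST_1,
                         entries, MONLIST_ENTRY_SIZE)
    return header + bytes(entries * MONLIST_ENTRY_SIZE)


SAMPLE_MONLIST_RESPONSE = _build_monlist_response()          # 8 + 6*72 = 440 bytes
SAMPLE_CLIENT_REQUEST = bytes([0x1B]) + bytes(47)            # LI 0, VN 3, mode 3 client


def egress_alerts(flows: list[tuple[str, bytes]]) -> list[str]:
    """Given (direction, payload) records from UDP/123, return alerts for monlist
    replies leaving the network: that is the reflector role a defender must stop."""
    return [f"{d}: {classify(p)}" for d, p in flows
            if d == "out" and classify(p) == "monlist-response"]


if __name__ == "__main__":
    est = estimate_monlist_amplification()
    print(f"{est['frames']} frames, {est['response_bytes']} bytes, x{est['factor']:.0f}")
    print(egress_alerts([("in", SAMPLE_CLIENT_REQUEST), ("out", SAMPLE_MONLIST_RESPONSE)]))
```

Running the module prints the 100-frame / 48,200-byte / 206× estimate. On a real server the fix is not detection but configuration: `disable monitor` in ntp.conf, `restrict default ... noquery` so mode 6/7 queries are refused, and an ntpd release (4.2.7p26 or later) in which monlist was removed, which is what the referenced US-CERT advisory on CVE-2013-5211 recommends.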

Pages: 2875-2880

Online since: September 2014

Copyright: © 2014 Trans Tech Publications Ltd. All Rights Reserved
