Patch NTP server at the beginning of DDoS counterattack

According to the DDoS Defense company NSFOCUS call ,IT The industry seems to be right 2014 Relevant at the beginning of the year DDoS The warning of amplifying the increasing risk of attack has responded well , Patched a large number of vulnerable servers .

The US provider announced on Tuesday New statistics , call 3 Global vulnerability in January NTP The number of servers is about 21,000 platform ,5 The month fell again to 17,600 platform . This is lower than 2013 year 12 Of the month 432,120 people .

however , The system administrator still needs to finish the work . The report also claims that , It can enlarge the flow 700 Times more NTP The number of amplifiers has increased from 12 Of the month 1,224 One added to today's 2,100 individual .

“US-CERT And network time protocol strongly recommend that system administrators ntpd Upgrade to 4.2.7p26 Or later ,”NSFOCUS say .

“4.2.7p26 Users of earlier versions should use noquery To block all status queries , Or use disable monitor To disable ntpdc –c monlist command , At the same time, other status queries are still allowed .”

As early as 1 month , The United States CERT Just warn , Using public server NTP Zoom in DDoS The threat of attack is growing .

If it's not properly protected , The global NTP The ubiquity of servers makes them potentially dangerous agents for such attacks . A series of connected devices are used NTP To synchronize their clocks .

Attackers can get through “monlist” Query the last of the requests to connect to the server 600 individual IP List of addresses , Thus, it is quite easy to take advantage of open NTP The server .

Then what they need to do is disguise the source address as the victim's source address , Overwhelm them by sending a large number of results IT System .

Suggest upgrading to a new one NTP Version will be automatically disabled monlist function .

Network security company Incapsula stay 3 A project released in September DDoS Threat situation Research Show , since 1 Since the month ,NTP Amplification attacks have undergone a major shift , Maximum attack reached 180Gbps.