NTP Amplification Attacks - Impacts and Mitigation

The recent increase in NTP amplification attacks has shed light on the utility of control-plane filtering. A few days ago, US-CERT issued an advisory warning the public about this emerging form of Distributed Denial of Service (DDoS) attack. The Network Time Protocol (NTP) is a very popular UDP-based protocol, used by a large number of computers and devices, including routers and switches, to keep their software clocks synchronized with remote reference clocks. The protocol supports a number of administrative requests that return statistical information, such as a list of the last 600 associated clients, the statistical counters associated with the protocol's I/O module, and so on. Most of these commands are ideal for amplification attacks because they return a large amount of information, so their replies are significantly larger than the initial requests.
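To see which of your own NTP servers answer administrative queries and how much larger the replies are, the sketch below (an added example, not code from the original article) classifies captured UDP/123 payloads by NTP mode and computes a per-server reply-to-request byte ratio. The function names, the documentation-range addresses and the packet sizes in `SAMPLE` are constructed for illustration; only the first one or two header bytes of each payload are meaningful.

```python
from collections import defaultdict

ADMIN_MODES = {6: "control", 7: "private"}  # NTP modes carrying administrative queries

def classify(payload: bytes):
    """Return (mode, is_response) for a UDP/123 payload, or None if it is empty."""
    if not payload:
        return None
    mode = payload[0] & 0x07                      # mode is the low 3 bits of byte 0
    if mode == 7:
        is_resp = bool(payload[0] & 0x80)         # mode 7: response bit is the top bit of byte 0
    elif mode == 6:
        is_resp = len(payload) > 1 and bool(payload[1] & 0x80)  # mode 6: top bit of byte 1
    else:
        is_resp = mode == 4                       # mode 4 is a server reply to a mode 3 client
    return mode, is_resp

def amplification_by_server(packets):
    """packets: iterable of (src, dst, payload).
    Returns {server: (request_bytes, reply_bytes, factor)} for mode 6/7 traffic only."""
    req, resp = defaultdict(int), defaultdict(int)
    for src, dst, payload in packets:
        info = classify(payload)
        if info is None or info[0] not in ADMIN_MODES:
            continue                              # ordinary time sync is ignored
        if info[1]:
            resp[src] += len(payload)             # reply: the server is the sender
        else:
            req[dst] += len(payload)              # request: the server is the receiver
    result = {}
    for server in set(req) | set(resp):
        factor = resp[server] / req[server] if req[server] else float("inf")
        result[server] = (req[server], resp[server], factor)
    return result

# Constructed sample capture (zero padding stands in for the real packet bodies).
SAMPLE = [
    ("198.51.100.7", "192.0.2.10", bytes([0x17]) + bytes(7)),          # mode 7 request
    *[("192.0.2.10", "198.51.100.7", bytes([0x97]) + bytes(439))] * 5,  # mode 7 replies
    ("198.51.100.7", "192.0.2.20", bytes([0x16, 0x02]) + bytes(10)),   # mode 6 request
    ("192.0.2.20", "198.51.100.7", bytes([0x16, 0x82]) + bytes(98)),   # mode 6 reply
    ("198.51.100.7", "192.0.2.10", bytes([0x23]) + bytes(47)),         # mode 3 client
    ("192.0.2.10", "198.51.100.7", bytes([0x24]) + bytes(47)),         # mode 4 server
]

if __name__ == "__main__":
    for server, (rq, rp, f) in sorted(amplification_by_server(SAMPLE).items()):
        print(f"{server}: {rq} B in, {rp} B out, factor {f:.1f}")
```

A server that shows a high factor for mode 6 or 7 traffic from outside your management networks is a candidate for the control-plane filtering discussed here.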
