Attention: NTPD DDoS Amplification Attacks
January 15, 2014
To Users of SFC-CNS/ERNS
NTPD DDoS Amplification Attacks
Recently, we have found DDoS (Network Amplification) attacks using the vulnerability of Network Time Protocol Daemon (NTPD).
NTPD has a monlist function for server administration and this function causes severs to return a massive response. If access to this function is not restricted appropriately, NTPD host on-campus has potential to be used as relay host of such DDoS attacks.
Please refer to below sites and set to NTPD appropriately.
JVNVU#96176042: NTP が DDoS 攻撃の踏み台として使用される問題 (in Japanese)
CWE-406: Insufficient Control of Network Message Volume (Network Amplification)
JPCERT-AT-2014-0001: ntpd の monlist 機能を使った DDoS 攻撃に関する注意喚起 (in Japanese)
CWE-406: Insufficient Control of Network Message Volume (Network Amplification)
JPCERT-AT-2014-0001: ntpd の monlist 機能を使った DDoS 攻撃に関する注意喚起 (in Japanese)
If we find such attacks to outside, we will terminate the network connection without prior notice. Thank you for your understanding and patience.
Last-Modified: January 15, 2014
The content ends at this position.