[ntp:questions] DDOS attacks and NTP

Brian Utterback brian.utterback at oracle.com
Tue Nov 5 22:25:29 UTC 2013

On 11/5/2013 5:41 AM, Marco Marongiu wrote:
> Hi all
> A colleague contacted me yesterday and asked:
>> You being somewhat tied to the NTP world, hear anything about public
>> NTP servers being used for amplification in ddos attack?
> I haven't heard anything about that. Have you? In case, anything you can
> share about that?

There was a CVE many years ago that sounds similar. It was possible to 
send a malformed NTP packet with a spoofed IP address that resulted in 
continuous ping ponging between two servers. If you did that with enough 
servers so that they were all ping ponging packets with one server, you 
could swamp it. But as I said that was fixed quickly and years ago.

Brian Utterback.

More information about the questions mailing list