[ntp:questions] DDOS attacks and NTP
brian.utterback at oracle.com
Tue Nov 5 22:25:29 UTC 2013
On 11/5/2013 5:41 AM, Marco Marongiu wrote:
> Hi all
> A colleague contacted me yesterday and asked:
>> You being somewhat tied to the NTP world, hear anything about public
>> NTP servers being used for amplification in ddos attack?
> I haven't heard anything about that. Have you? In case, anything you can
> share about that?
There was a CVE many years ago that sounds similar. It was possible to
send a malformed NTP packet with a spoofed IP address that resulted in
continuous ping ponging between two servers. If you did that with enough
servers so that they were all ping ponging packets with one server, you
could swamp it. But as I said that was fixed quickly and years ago.
More information about the questions