[ntp:security] DDoS using reflected NTP attacks

Danny Mayer mayer at ntp.org
Mon Mar 17 17:54:07 UTC 2014

On 3/17/2014 9:19 AM, Mark Ward wrote:
> Hello, I’m a journalist working at the BBC who regularly writes about
> computer security and wondered if anyone from the NTP organisation would
> be able to help with a query I had about NTP reflection attacks. I was
> chatting to some researchers at Arbor who said they had seen a huge
> increase in the number of attacks using unsecured NTP servers. I was
> wondering if there was any way for people who run NTP servers to avoid
> being enrolled in such attacks and what action the community as a whole
> is taking to limit the damage these attacks can do. I’ve seen the
> security notices but wasn’t sure how many people had acted upon them
> or if there was more focussed work being done to harden NTP servers.

Hi Mark,

I remember getting in touch with you a number of years ago when a router
vendor had hardcoded an IP address for Poul Henning-Kemp's NTP Server
without his permission. Your article got them to address the issue. I
will leave it for Harlan to respond to some of your questions since he's
been involved in getting the various pieces of information published as
well as the CERT process. He's also been in touch with a number of folks
being targeted by this.

I can chime in for additional questions you may have once he's able to


> Many thanks
> Mark
> Mark Ward
> Technology correspondent
> BBC News
> 020 3614 1225
> 07976 429022
> mark.ward.01 at bbc.co.uk <mailto:mark.ward.01 at bbc.co.uk>
> @markbward

More information about the security mailing list