[ntp:questions] Public ntp-server and reflection-attacks
Rudolf E. Steiner
res-usenet at communicate.at
Thu Nov 21 16:42:39 UTC 2013
Hi.
We have strong reflection-attacks on our public timeserver ("ntpd 4.2.6p5").
The strange behavior is that the server receives one packet and sends 100 packets
to the target.
Incoming packet:
----- begin -----
Network Time Protocol (NTP Version 2, private)
Flags: 0x17
0... .... = Response bit: Request (0)
.0.. .... = More bit: 0
..01 0... = Version number: NTP Version 2 (2)
.... .111 = Mode: reserved for private use (7)
Auth, sequence: 0
0... .... = Auth bit: 0
.000 0000 = Sequence number: 0
Implementation: XNTPD (3)
Request code: MON_GETLIST_1 (42)
----- end -----
First outgoing packet:
----- begin -----
Network Time Protocol (NTP Version 2, private)
Flags: 0xd7
1... .... = Response bit: Response (1)
.1.. .... = More bit: 1
..01 0... = Version number: NTP Version 2 (2)
.... .111 = Mode: reserved for private use (7)
Auth, sequence: 0
0... .... = Auth bit: 0
.000 0000 = Sequence number: 0
Implementation: XNTPD (3)
Request code: MON_GETLIST_1 (42)
----- end -----
Second outgoing packet:
----- begin -----
Network Time Protocol (NTP Version 2, private)
Flags: 0xd7
1... .... = Response bit: Response (1)
.1.. .... = More bit: 1
..01 0... = Version number: NTP Version 2 (2)
.... .111 = Mode: reserved for private use (7)
Auth, sequence: 1
0... .... = Auth bit: 0
.000 0001 = Sequence number: 1
Implementation: XNTPD (3)
Request code: MON_GETLIST_1 (42)
----- end -----
[...]
Last outgoing packet:
----- begin -----
Network Time Protocol (NTP Version 2, private)
Flags: 0x97
1... .... = Response bit: Response (1)
.0.. .... = More bit: 0
..01 0... = Version number: NTP Version 2 (2)
.... .111 = Mode: reserved for private use (7)
Auth, sequence: 99
0... .... = Auth bit: 0
.110 0011 = Sequence number: 99
Implementation: XNTPD (3)
Request code: MON_GETLIST_1 (42)
----- end -----
This means the attacker sends _one_ packet and gets _100_ packets to his
target.
How can I disable this behavior of ntpd?
--
Rudolf E. Steiner
res-usenet at communicate.at
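
Added example, not part of the original post: a Python sketch that decodes the four mode 7 header bytes shown in the dissections above and counts monlist requests against responses in a capture, so the 1:100 packet ratio can be measured on the server side. The function names and the `(direction, payload)` capture format are assumptions made for this example, and the sample bytes are constructed from the field values in the post.

```python
from typing import NamedTuple, Optional

MODE_PRIVATE, IMPL_XNTPD, REQ_MON_GETLIST_1 = 7, 3, 42  # values from the dissection

class Mode7Header(NamedTuple):
    response: bool
    more: bool
    version: int
    auth: bool
    sequence: int
    implementation: int
    request_code: int

def parse_mode7(payload: bytes) -> Optional[Mode7Header]:
    """Decode the first four bytes of a UDP payload; None if it is not mode 7."""
    if len(payload) < 4 or payload[0] & 0x07 != MODE_PRIVATE:
        return None
    flags, auth_seq, impl, code = payload[:4]
    return Mode7Header(bool(flags & 0x80), bool(flags & 0x40), (flags >> 3) & 0x07,
                       bool(auth_seq & 0x80), auth_seq & 0x7F, impl, code)

def is_monlist(h: Optional[Mode7Header]) -> bool:
    return (h is not None and h.implementation == IMPL_XNTPD
            and h.request_code == REQ_MON_GETLIST_1)

def summarize(packets):
    """packets: iterable of (direction, udp_payload); direction is 'in' or 'out'."""
    requests = responses = 0
    complete = False  # True once a response with More bit 0 has been seen
    for direction, payload in packets:
        h = parse_mode7(payload)
        if not is_monlist(h):
            continue
        if direction == "in" and not h.response:
            requests += 1
        elif direction == "out" and h.response:
            responses += 1
            complete = complete or not h.more
    ratio = responses / requests if requests else 0.0
    return {"requests": requests, "responses": responses,
            "ratio": ratio, "complete": complete}

def sample_capture():
    """Constructed sample: header bytes only, rebuilt from the fields in the post."""
    capture = [("in", bytes([0x23]) + bytes(47)),        # ordinary mode 3 query, ignored
               ("in", bytes([0x17, 0x00, 0x03, 0x2A]))]  # MON_GETLIST_1 request
    for seq in range(100):                               # sequence numbers 0..99
        flags = 0xD7 if seq < 99 else 0x97               # More bit cleared on the last one
        capture.append(("out", bytes([flags, seq, 0x03, 0x2A])))
    return capture

if __name__ == "__main__":
    print(summarize(sample_capture()))
```

The ratio here counts packets only; the byte ratio depends on the response payload sizes, which the post does not show.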