Follow

Q&A: What is NTP Amplification Attack?

 

Question

  • What is NTP Amplification Attack?
  • Is Silverline able to protect against NTP Amplification Attack?

Environment

  • Silverline DDoS
  • Routed or Proxy DDoS protection

Answer

  • This is an amplified reflection attack. NTP Amplification exploits Network Time Protocol (NTP) servers, a long-time network protocol used to synchronize computer clocks, in order to overwhelm UDP traffic. In any reflection attack, there is a response from the server to a spoofed IP address.
  • An amplified version means the response from the server is disproportionate to the original request. Because of the high bandwidth used when attacked with this type of attack, it can be devastating and overwhelm the internet connections.
  • Silverline can protect against NTP amplification attacks, additionally, Silverline recommends the customers in the routed service, configuring the recommended firewall rules to increase protection.

Traffic Sample

16:46:24.469972 IP X.X.X.X.123 >X.X.X.X.48242: NTPv2, Reserved, length 440
16:46:24.470099 IP X.X.X.X.123 > X.X.X.X.34126: NTPv2, Reserved, length 440
16:46:24.470258 IP X.X.X.X.123 >X.X.X.X.48242: NTPv2, Reserved, length 440
16:46:24.470422 IP X.X.X.X.123 > X.X.X.X.34126: NTPv2, Reserved, length 440
16:46:24.470446 IP X.X.X.X.123 > X.X.X.X.51635: NTPv2, Reserved, length 440
16:46:24.470467 IP X.X.X.X.123 > X.X.X.X.3874: NTPv2, Reserved, length 440
16:46:24.470553 IP X.X.X.X.123 >X.X.X.X.48242: NTPv2, Reserved, length 440
16:46:24.470743 IP X.X.X.X.123 >X.X.X.X.34126: NTPv2, Reserved, length 440
16:46:24.470890 IP X.X.X.X.123 > X.X.X.X.48242: NTPv2, Reserved, length 440
16:46:24.470957 IP X.X.X.X.123 > X.X.X.X.51635: NTPv2, Reserved, length 440
16:46:24.471053 IP X.X.X.X.123 > X.X.X.X.34126: NTPv2, Reserved, length 440
16:46:24.471254 IP X.X.X.X.123 >X.X.X.X.48242: NTPv2, Reserved, length 440
16:46:24.471354 IP X.X.X.X.123 >X.X.X.X.3874: NTPv2, Reserved, length 440

 

Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request