NTP Amplification Attacks: NTP DDoS Amplification Attacks Are on the Rise

In recent weeks the cyber security community has been stunned by attacks that blow away all previous records of size and strength. The cause? A new DDoS method on the scene, called NTP. Read on to learn how these attacks are leveraging outdated commands to create DDoS attacks of massive proportions.

NTP and MONLIST

Network Time Protocol, or NTP, is a handy mechanism on most modern connected devices that communicates with other devices to synchronise time. The protocol constantly sends out time requests and confirmations within its network. NTP is so accurate it can maintain time between computers within tens of milliseconds.

The primary time-keeping function of NTP is not a problem. The issue in the protocol is the MONLIST command, a feature that allows devices to request a list of the previous 600 servers the machine has contacted to synchronise time.

Hackers manipulate this command to amplify data requests by a factor of up to 600x with the goal of overwhelming the network layer of a target server. To accomplish the DDoS, they send MONLIST request packets to NTP-vulnerable servers, which are then instructed to relay the data request to the target. The final result is a deluge of packet requests so large that an unprotected target server must go offline to recover.
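The following Python is an added example, not part of the original article: it classifies UDP port 123 payloads by their NTP header so that MONLIST traffic (mode 7 with request code 20 or 42 in ntpd) can be told apart from ordinary time synchronisation and counted by volume. The sample payloads are constructed, and the function names are hypothetical.

```python
import struct
from collections import Counter

# ntpd mode 7 ("private") request codes that return the monitor list
MONLIST_CODES = {20, 42}  # MON_GETLIST, MON_GETLIST_1

def classify_ntp(payload: bytes) -> str:
    """Classify one UDP/123 payload from its NTP header bytes."""
    if len(payload) < 4:
        return "malformed"
    mode = payload[0] & 0x07              # low 3 bits of byte 0
    if mode != 7:
        return "time-sync" if 1 <= mode <= 5 else "other"
    if len(payload) < 8:
        return "malformed"
    if payload[3] not in MONLIST_CODES:   # byte 3 is the request code
        return "mode7-other"
    # Top bit of byte 0 is the response flag
    return "monlist-response" if payload[0] & 0x80 else "monlist-request"

def monlist_items(payload: bytes) -> int:
    """Entries actually present in one monlist response datagram."""
    if len(payload) < 8:
        return 0
    nitems, item_size = struct.unpack("!HH", payload[4:8])
    nitems, item_size = nitems & 0x0FFF, item_size & 0x0FFF
    if item_size == 0:
        return 0
    # Trust the bytes on the wire over the count the header claims
    return min(nitems, (len(payload) - 8) // item_size)

def summarize(packets):
    """Return (packet count, byte count) per class for a capture."""
    counts, sizes = Counter(), Counter()
    for p in packets:
        kind = classify_ntp(p)
        counts[kind] += 1
        sizes[kind] += len(p)
    return counts, sizes

# Constructed sample payloads (not captured traffic)
TIME_SYNC = bytes([0x23]) + bytes(47)     # VN 4, mode 3 client, 48 bytes
MONLIST_RESP = bytes([0xD7, 0x00, 0x03, 0x2A, 0x00, 0x06, 0x00, 0x48]) + bytes(6 * 72)
SAMPLE = [TIME_SYNC, MONLIST_RESP, MONLIST_RESP, TIME_SYNC[:2]]

if __name__ == "__main__":
    counts, sizes = summarize(SAMPLE)
    for kind in counts:
        print(f"{kind:17} packets={counts[kind]} bytes={sizes[kind]}")
```

On a server you operate, any "monlist-request" from outside your management network is a sign the host is being probed or used as a reflector; on a victim network, "monlist-response" datagrams nobody asked for are the flood itself.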

Trouble in France

In February an NTP attack targeting a French website hit with approximately 400 Gbps of attack volume. This staggering magnitude was achieved by leveraging processing power from NTP-vulnerable devices around the world. The February attack was over 200 percent larger than the previous record holder.

Fortunately the attack did not last long: most NTP attacks last between 30 and 60 minutes at most. Once the attacking IPs have been identified, it's relatively simple for third-party security providers to filter out the offenders. Oftentimes the NTP attack is preprogrammed, meaning the assault will continue for a predetermined time period whether or not the requests are being mitigated.

NTP: Mainstay or Passing Fad?

As previously mentioned, NTP is a recent security phenomenon, but is it here to stay? It's difficult to say. According to a report recently issued by security provider Incapsula, NTP attacks surpassed large SYN floods as the most often used method for large-scale DDoS attacks.

But as more NTP-vulnerable servers are discovered, we may see a decrease in this form of attack. Cyber security expert Marc Gaffan explains that "crowd sourcing" compromised IP addresses will help the security industry filter out malicious requests. As people learn more about NTP and how to protect their websites, the threat may decrease, but expect the problem to get worse before it gets better.

Check out the Open NTP Project to see if your website is vulnerable.

Translated from: https://www.eukhost.com/blog/webhosting/ntp-ddos-amplification-attacks-are-on-the-rise/
