www.prolexic.com
NTP-AMP: DDoS Amplification Tactics
Highlights from a Prolexic DDoS Threat Advisory
What is DDoS amplification?
• Amplification makes a DDoS attack stronger
• An attacker sends a small message to a third-party server, pretending to be the target
• The server responds with a much larger message to the target
• Repeated requests result in a denial of service attack
– The flood of unwanted traffic keeps the target site too busy, causing it to crash or respond too slowly to users
Why NTP amplification?
• Network Time Protocol (NTP) is a common Internet protocol
• Servers use NTP to synchronize computer clocks
• Some versions of NTP are vulnerable to use in DDoS amplification attacks
• Attackers create lists of vulnerable servers
• A DDoS attack tool called NTP-AMP uses NTP and amplification lists to create massive denial of service attacks
NTP attacks: an emerging DDoS trend
[Chart: Percent Increase in NTP Amplification Attacks, February 2014 vs January 2014]
• Number of Attacks: 371%
• Ave. Peak Bandwidth: 217%
• Ave. Peak Packets Per Second (pps): 807%
Many industries have been targeted
• Finance
• Gaming
• e-Commerce
• Internet
• Media
• Education
• Software-as-a-service (SaaS)
• Security
How NTP-AMP works
• monlist: IP addresses and statistics for the last 600 clients that have asked an NTP server for the time
• The NTP-AMP tool asks an NTP server for its monlist, while pretending to be the target.
• The NTP server sends its monlist to the target.
• The monlist is big!
– In a worst-case situation, a single 60-byte request packet could generate a 22,000-byte response
• The attacker may use many NTP servers, but with this much amplification, fewer are needed
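What this exchange looks like from a defender's capture point, as an added example (not code from the Prolexic advisory): a classifier for ntpd mode 7 monlist datagrams that totals the responses arriving at each destination. The header layout and request codes follow ntpd's mode 7 protocol; the function names, addresses and zero-filled sample packets are constructed for illustration.

```python
import struct

MODE_PRIVATE = 7             # NTP mode 7: ntpdc "private" requests
MONLIST_CODES = {20, 42}     # MON_GETLIST and MON_GETLIST_1 request codes
NTP_PORT = 123

def parse_mode7(payload):
    """Decode the 8-byte mode 7 header of a UDP payload; None if not mode 7."""
    if len(payload) < 8:
        return None
    b0, _seq, impl, code, err_items, mbz_size = struct.unpack("!BBBBHH", payload[:8])
    if b0 & 0x07 != MODE_PRIVATE:
        return None
    return {"response": bool(b0 & 0x80), "more": bool(b0 & 0x40), "impl": impl,
            "code": code, "items": err_items & 0x0FFF, "item_size": mbz_size & 0x0FFF}

def classify(sport, dport, payload):
    """Label one UDP datagram: monlist-request, monlist-response or other."""
    hdr = parse_mode7(payload)
    if hdr is None or hdr["code"] not in MONLIST_CODES:
        return "other"
    if hdr["response"]:
        return "monlist-response" if sport == NTP_PORT else "other"
    return "monlist-request" if dport == NTP_PORT else "other"

def summarize(packets):
    """Total monlist responses per destination at one capture point.
    A response is unsolicited when the capture holds no earlier request from
    that destination to that server, as at the edge of a reflection target.
    """
    asked, stats = set(), {}
    for src, sport, dst, dport, payload in packets:
        kind = classify(sport, dport, payload)
        if kind == "monlist-request":
            asked.add((src, dst))
        elif kind == "monlist-response":
            s = stats.setdefault(
                dst, {"packets": 0, "bytes": 0, "servers": set(), "unsolicited": 0})
            s["packets"] += 1
            s["bytes"] += len(payload)
            s["servers"].add(src)
            s["unsolicited"] += (dst, src) not in asked   # bool counts as 0 or 1
    return stats

# Constructed sample datagrams: documentation addresses, zero-filled bodies.
REQUEST = bytes([0x17, 0x00, 0x03, 0x2A]) + bytes(4)
RESPONSE = struct.pack("!BBBBHH", 0xD7, 0, 3, 42, 6, 72) + bytes(6 * 72)
TIME_QUERY = bytes([0x23]) + bytes(47)      # ordinary mode 3 client packet
SAMPLE = [
    ("198.51.100.5", 40000, "192.0.2.1", 123, REQUEST),    # operator checks own server
    ("192.0.2.1", 123, "198.51.100.5", 40000, RESPONSE),   # solicited reply
    ("192.0.2.1", 123, "203.0.113.10", 80, RESPONSE),      # no request seen: reflected
    ("192.0.2.2", 123, "203.0.113.10", 80, RESPONSE),
    ("192.0.2.2", 123, "203.0.113.10", 80, RESPONSE),
    ("203.0.113.10", 51000, "192.0.2.9", 123, TIME_QUERY),
]

if __name__ == "__main__":
    for host, s in summarize(SAMPLE).items():
        print(host, {**s, "servers": sorted(s["servers"])})
```

A destination that accumulates unsolicited monlist responses from several servers matches the reflection pattern the slide describes.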
Don’t be a part of an attack: Configure your NTP servers properly
• Got an NTP server?
• Run a monlist query.
• If you get a response like this one, it is imperative that you change the server configuration to disable this type of response.
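One way to check a server's configuration for this exposure, as an added example (not from the Prolexic advisory): an auditor for ntp.conf text that reports whether default clients can still obtain the monitor list. It relies on the reference ntpd's `disable monitor` directive and the `noquery`, `ignore` and `limited` restrict flags; the function name and the sample configurations are constructed for illustration.

```python
FAMILIES = {"-4": "IPv4", "-6": "IPv6"}


def audit_ntp_conf(text):
    """Return findings for an ntp.conf; an empty list means default clients get no monlist."""
    monitor_on, limited = True, False          # ntpd enables monitoring by default
    blocked = {"-4": False, "-6": False}       # default entry denies ntpdc queries?
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].lower().split()
        if len(words) < 2:
            continue
        if words[0] in ("enable", "disable") and "monitor" in words[1:]:
            monitor_on = words[0] == "enable"
        elif words[0] == "restrict":
            args = words[1:]
            family = args.pop(0) if args[0] in FAMILIES else None
            limited = limited or "limited" in args
            if args[:1] == ["default"] and {"noquery", "ignore"} & set(args):
                # Assumption: an unqualified "default" covers both address
                # families, and flags from repeated default entries add up.
                for fam in ([family] if family else list(FAMILIES)):
                    blocked[fam] = True
    if not (monitor_on or limited):
        return []                              # no client list is kept
    findings = [f"{name}: default clients may query the monitor list"
                for fam, name in FAMILIES.items() if not blocked[fam]]
    if findings and not monitor_on:
        # ntpd's access-control documentation: monitoring stays active
        # while any restrict entry uses the limited flag.
        findings.append("disable monitor is overridden by a restrict entry using limited")
    return findings


# Constructed ntp.conf samples: a weak configuration and corrected variants.
WEAK = "driftfile /var/lib/ntp/drift\nserver 0.pool.ntp.org iburst\n"
HARDENED = WEAK + ("restrict default kod nomodify notrap nopeer noquery\n"
                   "restrict -6 default kod nomodify notrap nopeer noquery\n"
                   "restrict 127.0.0.1\nrestrict -6 ::1\n")
NO_MONITOR = WEAK + "disable monitor\n"
OVERRIDDEN = NO_MONITOR + "restrict default kod limited nomodify\n"

if __name__ == "__main__":
    for name in ("WEAK", "HARDENED", "NO_MONITOR", "OVERRIDDEN"):
        print(name, audit_ntp_conf(globals()[name]) or "ok")
```

The auditor looks only at `default` entries, so a default written as an explicit address and mask, or a wider allowance for specific networks, still needs a manual read. After changing the configuration and restarting ntpd, repeat the monlist query against your own server (with the reference tools, `ntpdc -n -c monlist <your server>`) to confirm the list is no longer returned.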
If you are a target of an NTP attack
• NTP-AMP is in active use in DDoS attack campaigns
• Prolexic stops NTP-AMP attacks
• The NTP-AMP Threat Advisory by the Prolexic Security Engineering and Response Team (PLXsert) explains how to mitigate NTP-AMP DDoS attacks
– Target mitigation using ACL entries
– NTP-AMP IDS Snort Rule against victim NTP server
Threat Advisory: NTP-AMP DDoS toolkit
• Download the threat advisory, NTP-AMP: Amplification Tactics and Analysis
• This DDoS threat advisory includes:
– Indicators of the use of the NTP-AMP toolkit
– Analysis of the source code
– Use of monlist as the payload
– The SNORT rule and target mitigation using ACL entries for attack targets
– Mitigation instructions for vulnerable NTP servers
– Statistics and payloads from two observed NTP amplification DDoS attack campaigns
About Prolexic (now part of Akamai)
• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services
• Prolexic has successfully stopped DDoS attacks for more than a decade
• Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers