Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Pentesting ntp-17-02-18


Published on

Network Time Protocol Penetration testing

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Pentesting ntp-17-02-18

  1. 1. Pentesting NTP
  2. 2. Boring stuffs • UDP-123 • Oldest • Since 1985; • David L. Mills. • Latest version:4.2.8p10 Released on: 2017/03/21
  3. 3. • Stratum 0: atomic clocks, GPS or other radio clocks • Stratum 1: computers whose system time is synchronized to within a few microseconds • Stratum 2: synchronized over a network to stratum 1 • synchronized to stratum 2 servers • upper limit for stratum is 15; stratum 16 is used to indicate that a device is unsynchronized
  4. 4. NTP stratum 1 servers in India
  5. 5. • Windows  win32time service  NTP server • Linux-> ntpd NTP server
  6. 6. Why do I need to think about NTP? • Accurate timestamping is key to root-cause analysis, intrusion analysis • one-time password protocols • Kerberos( Active directory, LDAP, SSL) • DNS cache flushing • Glimpse of replay attack: common example of this sort of attack is where people sniff the signatures from car remote locking systems and then replay them to open the doors
  7. 7. Attacks on NTP so far • Denial of service • Distributed denial of service • Information disclosure • Buffer overflow • Note: Vulnerabilities identified till Jan 2017
  8. 8. 2 mins before Demo!! • monlist is a debugging command that allows to retrieve information from the monitoring facility about traffic associated with the NTP service.