Time puts servers at risk of denial-of-service attacks

The Network Timing Protocol, which is used to keep servers on the internet synchronised, could become a major vector of attack for hackers

The Network Timing Protocol (NTP), which is used to keep servers on the internet synchronised, could become a major vector of attack for hackers.

Cisco researchers have warned that the NTP Is a weak link and could be targeted for distributed denial-of-service (DDoS) attacks.

Although this is a new type of attack, Cisco expects hackers to exploit the weaknesses in NTP.

The researchers warned that an increasing number of attack tools, designed to target the growing number of vulnerable NTP servers, were being distributed among the hacker community.

The Cisco 2014 Midyear Security Report, said: "OpenNTPProject.org, an NTP scanning project designed to increase awareness about the NTP problem, has identified more than one million vulnerable NTP servers. Combined, the bandwidth of these servers is likely to be larger than in any DDoS attack seen to date."

The report highlighted a significant NTP amplification attack that occurred in the first half of this year, which targeted a customer of global DNS provider CloudFlare. “At its peak, the February attack reached nearly 400Gbps of UDP traffic,” Cisco said.

Cisco's research is based on a study of 16 multinational organisations which, as of 2013, collectively controlled more than $4tn in assets, with revenues in excess of $300bn.

The survey also found that 44% of the customer networks observed in 2014 issued DNS requests for sites and domains with devices that provide encrypted channel services. Cisco says this suggests that the networks had been compromised and hackers were using the encrypted channel services to cover their tracks.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT suppliers



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: