科技回声

10 条评论

mburgosh超过 11 年前

Spent the night last night dealing with this attack. Here is what you should know to deal with it:<a href="https://www.us-cert.gov/ncas/alerts/TA14-013A" rel="nofollow">https://www.us-cert.gov/ncas/alerts/TA14-013A</a>

jnazario超过 11 年前

hdmoore re-disclosed this back on mar 2 2010. nothing new here. more about this:<a href="https://labs.ripe.net/Members/mirjam/ntp-reflections" rel="nofollow">https://labs.ripe.net/Members/mirjam/ntp-reflections</a>templates from the team cymru guys to secure your ntp installations, which have also been around a while.<a href="http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html" rel="nofollow">http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-t...</a>

评论 #7225323 未加载

xorrbit超过 11 年前

If you're concerned your NTP servers may have the monlist command enabled and therefore be available for attackers to use to mount these reflection attacks there is a Nessus plugin to check for this: <a href="http://www.tenable.com/plugins/index.php?view=single&id=71783" rel="nofollow">http://www.tenable.com/plugins/index.php?view=single&id=7178...</a>

评论 #7225747 未加载

ck2超过 11 年前

So can a server just close or move NTP ports to survive this and block default ports via firewall?

评论 #7224583 未加载

评论 #7225337 未加载

jlgaddis超过 11 年前

<pre><code> $ nmap -sU -pU:123 -Pn -n --script=ntp-monlist <target> </code></pre> -- <a href="http://nmap.org/nsedoc/scripts/ntp-monlist.html" rel="nofollow">http://nmap.org/nsedoc/scripts/ntp-monlist.html</a>

legulere超过 11 年前

Has someone tried getting all vulnerable NTP servers with zmap and shutting them down?

评论 #7227742 未加载

Fuxy超过 11 年前

That's a dangerous tool to be releasing this early but hey if you can why not :)

评论 #7224144 未加载

评论 #7224551 未加载

yoha超过 11 年前

Here are the important lines from ntpdos.py:> #Magic Packet aka NTP v2 Monlist Packet> data=str("\x17\x00\x03\x2a") + str("\x00")*4> packet = IP(dst=ntpserver,src=target)/UDP(sport=48947,dport=123)/Raw(load=data) #BUILD IT

voilet超过 11 年前

59.151.34.14

vpnguy超过 11 年前

Suggested reading: <a href="http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks" rel="nofollow">http://blog.cloudflare.com/understanding-and-mitigating-ntp-...</a>

10 条评论

mburgosh超过 11 年前

jnazario超过 11 年前

评论 #7225323 未加载

xorrbit超过 11 年前

评论 #7225747 未加载

ck2超过 11 年前

So can a server just close or move NTP ports to survive this and block default ports via firewall?

评论 #7224583 未加载

评论 #7225337 未加载

jlgaddis超过 11 年前

legulere超过 11 年前

Has someone tried getting all vulnerable NTP servers with zmap and shutting them down?

评论 #7227742 未加载

Fuxy超过 11 年前

That's a dangerous tool to be releasing this early but hey if you can why not :)

评论 #7224144 未加载

评论 #7224551 未加载

yoha超过 11 年前

voilet超过 11 年前

59.151.34.14

vpnguy超过 11 年前

Suggested reading: <a href="http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks" rel="nofollow">http://blog.cloudflare.com/understanding-and-mitigating-ntp-...</a>

Create a DDOS attack using NTP servers

10 条评论

Create a DDOS attack using NTP servers

10 条评论