The NTP Amplification tool (NTP-AMP) exploits the Network Time Protocol (NTP) to launch massive attacks using a small number of compromised servers. This threat advisory about NTP amplification distributed denial of service (DDoS) attacks includes an analysis of how it generates a monlist payload, along with DDoS protection and mitigation techniques and a review of two DDoS attack campaigns using the NTP amplification tool.
The NTP Amplification threat advisory includes details and mitigation for enterprises, such as:
Amplification is not a new DDoS attack method, nor is the misuse of the Network Time Protocol a new means of launching an amplification attack. Recently, however, NTP amplification attacks have become one of the most popular DDoS attack types for malicious actors as they seek to overwhelm the network resources of their targets.
Comparing DDoS attacks in February 2014 with those in January 2014, DDoS mitigation experts observed the following:
This DDoS Threat Advisory presents a PLXsert analysis of a recently leaked NTP reflection tool written in the Perl scripting language and referred to as NTP-AMP.
In addition to the information provided here, in 2013 PLXsert released a series of distributed reflection and amplification (DrDoS) attack white papers outlining reflection/amplification attack types, including NTP attacks.
Akamai® is the leading provider of cloud services for helping enterprises provide secure, high-performing user experiences on any device, anywhere. At the core of the Company's solutions is the Akamai Intelligent Platform providing extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai helps enterprises around the world optimize the web experience with SaaS cloud computing solutions including web application acceleration, mobile and web performance optimization, web media delivery and content delivery network (CDN) services. Akamai's cloud security solutions protect online assets against threats such as SQL Injection and DDoS attacks for maximum information security. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud.