Denial of service attacks pour through rift in Network Time Protocol

Mismatched clocks allow poison packets to prevent synching, and sink you

Red Hat security chap Miroslav Lichvar has revealed two vulnerabilities in the widely used and open-source Network Time Protocol daemon (NTPd) that allow attackers to mess up people's clocks.

Lichvar reported the two since-patched holes in which packets without proper message authentication codes are accepted regardless (CVE-2015-1798), and a denial of service condition is triggered when spoofed packets are sent between synchronized hosts (CVE-2015-1799).

The latter flaw affects NTP installations that use symmetric key authentication (xntp3.3wy to version ntp-4.2.8p1), and involves sending spoofed packets between two peering hosts that contain mismatched originate and transmit timestamps.

"An attacker who periodically sends such packets to both hosts can prevent synchronisation," the Carnegie Mellon University Computer Emergency Response Team says.

"An unauthenticated attacker with network access may be able to inject packets or prevent peer synchronisation among symmetrically authenticated hosts."

Sysadmins should update to version ntp-4.2.8p2 of their daemon.

NTP is used to synchronize computer clocks across the web, and is a favorite for denial-of-service attackers who use the protocol to amplify traffic.

The NTP reflection denial-of-service attacks were used to devastating effect last year against gaming servers resulting in efforts to get admins to patch against the exploited vulnerabilities. ®

Similar topics

Other stories you might like

Biting the hand that feeds IT © 1998–2021