Technical Notice on NTP Amplification Attacks – Jan 6, 2014

There are reports of attacks aimed at NTP (Network Time Protocol) services which can significantly impact your associated server and network services. Please see the following for a short description of the current attacks.

Many sites run NTP on servers, either on dedicated NTP servers or alongside other services. Those other services will be impacted during an attack because the CPU load is excessive, with up to 600x amplification. The easiest protection for servers is to update to NTP version 4.2.7.

NTP is also quite often run on other devices such as routers and switches. BCNET had a router issue on Jan 3 that at first appeared to have its root cause in faulty hardware. Upon further investigation it was found to be an NTP DDoS. The Open NTP Project has a reference on securing NTP for Cisco, Juniper, and Unix that protects the NTP daemon with ACLs or firewall rules.

BCNET’s suggestion is for you to review your own organization’s NTP services and secure them as noted above.
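
As an aid to that review on Unix hosts, the following added example (not part of the original notice or of the Open NTP Project reference) audits an `ntp.conf` for the daemon ACLs. It assumes the commonly published ntpd hardening of `noquery` on every `restrict default` rule plus `disable monitor`; both sample configurations are constructed.

```python
"""Audit an ntpd configuration for the ACLs that limit query abuse."""


def audit_ntp_conf(text):
    """Return a list of findings for the given ntp.conf text (empty = none)."""
    findings = []
    default_rules = 0
    monitor_disabled = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not tokens:
            continue
        if tokens[0] == "disable" and "monitor" in tokens[1:]:
            monitor_disabled = True
        elif tokens[0] == "restrict":
            # Skip the optional address-family selector before the address.
            args = [t for t in tokens[1:] if t not in ("-4", "-6")]
            if args and args[0] == "default":
                default_rules += 1
                flags = set(args[1:])
                # "ignore" drops all packets; "noquery" refuses ntpq/ntpdc queries.
                if not flags & {"noquery", "ignore"}:
                    findings.append(f"line {lineno}: default restrict lacks noquery")
    if default_rules == 0:
        findings.append("no 'restrict default' rule: any source may query the daemon")
    if not monitor_disabled:
        findings.append("'disable monitor' not set: monitoring list stays enabled")
    return findings


# Constructed sample: permissive configuration (assumption, not from the notice).
WEAK_CONF = """\
server 0.pool.ntp.org iburst
restrict default nomodify notrap
restrict 127.0.0.1
"""

# Constructed sample: hardened configuration (assumption, not from the notice).
HARDENED_CONF = """\
server 0.pool.ntp.org iburst
disable monitor
restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ntp_conf(conf) or "no findings")
```

Localhost rules without `noquery` are deliberately not flagged, so local `ntpq` monitoring keeps working.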