Google security researchers recently discovered several new, serious vulnerabilities in NTP, the Network Time Protocol. Versions prior to NTP 4.2.8 are affected, and a hacker can exploit these vulnerabilities to launch remote attacks.
NTP is the protocol used to synchronize time between the computer systems on a network.
All versions prior to NTP 4.2.8 are affected by these vulnerabilities. Even more serious, the researchers have found real attack cases in the wild, together with the corresponding exploit programs (EXP). This series of NTP vulnerabilities includes remote buffer overflows and other serious problems that hackers can easily use to take over servers running an old version of the NTP service.
An advisory from ICS-CERT, the industrial control systems emergency response center, says:
“Google security team members Neel Mehta and Stephen Roettger have worked with CERT/CC to research multiple vulnerabilities in the NTP protocol. Since the NTP protocol is widely used in industrial control systems, NCCIC/ICS-CERT is giving US critical infrastructure asset managers and customers early warning, and hopes that fixes or mitigation measures will be found soon.”
The vulnerability can be exploited remotely, and exploit programs (EXP) are already circulating widely on the underground black market. A hacker need only send a single packet to overflow an NTP buffer and execute malicious code, and finally to escalate privileges on the system through the ntpd process.
NTP uses UDP port 123 and contains a module named monlist. An NTP server that receives a monlist request can return up to 100 response packets. An attacker can therefore forge the victim host's IP address and send monlist requests to NTP servers across the whole network; the NTP servers then return large amounts of data to the victim host, resulting in network congestion. This is a typical distributed reflection denial-of-service (DRDoS) attack.
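The Python sketch below is an added example, not code from the original article or from the NTP project. It shows how a defender could recognise monlist traffic in captured UDP payloads and flag hosts on the receiving end of a reflection flood. The request codes 20 and 42 are ntpd's MON_GETLIST and MON_GETLIST_1; the function names, the threshold and the sample packets are assumptions constructed for illustration.

```python
# Added example: spot NTP mode 7 "monlist" traffic in captured UDP payloads.
from collections import Counter

MODE_PRIVATE = 7            # NTP mode 7 carries ntpdc private requests
MONLIST_CODES = {20, 42}    # ntpd request codes MON_GETLIST and MON_GETLIST_1

def classify(payload: bytes) -> str:
    """Return 'monlist-request', 'monlist-response' or 'other'."""
    if len(payload) < 8:                    # a mode 7 header is 8 bytes long
        return "other"
    mode = payload[0] & 0x07                # low three bits of the first byte
    is_response = bool(payload[0] & 0x80)   # top bit is the response flag
    if mode != MODE_PRIVATE or payload[3] not in MONLIST_CODES:
        return "other"
    return "monlist-response" if is_response else "monlist-request"

def reflection_victims(packets, threshold=50):
    """packets: iterable of (src_ip, src_port, dst_ip, payload) tuples.
    Returns {dst_ip: count} for hosts that received at least `threshold`
    monlist responses from UDP source port 123 (threshold is an assumption)."""
    hits = Counter()
    for _src_ip, src_port, dst_ip, payload in packets:
        if src_port == 123 and classify(payload) == "monlist-response":
            hits[dst_ip] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample data (documentation IP ranges, not real traffic).
SAMPLE_REQUEST = bytes([0x17, 0x00, 0x03, 42]) + bytes(4)      # mode 7 request
SAMPLE_RESPONSE = bytes([0xD7, 0x00, 0x03, 42, 0x00, 0x06, 0x00, 0x48]) + bytes(432)
SAMPLE_CLIENT = bytes([0x23]) + bytes(47)                      # ordinary mode 3 query
SAMPLE_FLOW = [("192.0.2.10", 123, "198.51.100.7", SAMPLE_RESPONSE)] * 100
SAMPLE_FLOW.append(("203.0.113.5", 40000, "192.0.2.10", SAMPLE_CLIENT))

if __name__ == "__main__":
    print(classify(SAMPLE_REQUEST), classify(SAMPLE_RESPONSE), classify(SAMPLE_CLIENT))
    print(reflection_victims(SAMPLE_FLOW))
```

A server operator would watch for the request class arriving at their own NTP servers, while a network under attack would see the response class arriving from source port 123.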