Monday, March 3, 2014

NTP is DoS-ening.

Criminals recently have been using poorly-configured NTP (Network Time Protocol) servers to launch Denial of Service (DoS) attacks on a number of victim networks and sites on the Internet.  Proper NTPD configuration would help stop this misuse.

NTP is DoS-ening

Pardon me.  What time is it?
The answer could cause a fit.
I'll bet your site can't handle it.
A DoS attack will flip its bit.

NTP is listening.
A golden ring is glistening.
A DoS attack is quite the thing!
The packetstorm is littering.

The bad guys find an open host,
And with the proper query post,
They fake the source, and with a boast,
They turn your website into toast.

'Cause they all got themselves some bots
That wait for them to call the shots
The bots all front and lie a lots
Like "eating healthy tatertots".

A million bots all say hello
And tell the answers where to go.
And NTP? Heck, it don't know.
It sends them to some lucky shmoe

Whose network pipe gets overfilled.
Their ISP gets over-billed.
Like gardens that are never tilled,
They're strangled and then fin'lly killed.

So if you're running NTP,
Please take the time, listen to me:
Help make a net that's clear and free.
Secure that stuff! Yo, hear my plea.

No comments:

Post a Comment