DDoS-атаки, использующие NTP-серверы для усиления трафика

[Pragmatic]

Не ну падлы, реально активизировались. Где файер не включен был, за роутером стоял сервер, местный админ открыл на нем все, нас не предупредил об этом, сразу в trafshow трафик башенный попер udp ntp.

[virus_net]

Ага, этот вид атаки все больше и больше набирает обороты.

Владельцам Juniper`ов нужно так же закрыть фаиром:
[JSA10613] Mitigation of NTP amplification attacks involving Junos

PRODUCT AFFECTED:
Effective on all Junos products and platforms with NTP client or server enabled

PROBLEM:
When an NTP client or server is enabled within the [edit system ntp] hierarchy level of the Junos configuration, REQ_MON_GETLIST and REQ_MON_GETLIST_1 control messages supported by the monlist feature within NTP may allow remote attackers to cause a denial of service. NTP is not enabled in Junos by default. Once NTP is enabled, an attacker can exploit these control messages in two different ways:
as part of a distributed denial of service (DDoS) attack against a remote victim
as the target of an attack against the device itself
If unwanted NTP requests come into a Junos device, the NTP process will occupy resources such as memory and CPU, slowing down other processes and affecting overall system functionality. In extreme cases, the situation could result in traffic loss or protocol flaps.