Network Time Protocol Vulnerability

Number: AV14-001
Date: 08 January 2014

Purpose

The purpose of this advisory is to bring attention to a vulnerability in the NTP service that could be used in a reflection/amplification distributed denial of service (DDoS) attack.

Assessment

CCIRC is aware of a vulnerability in older versions of the NTP service that could allow a remote attacker to use an affected device, without its operator's knowledge, in a reflection/amplification DDoS attack. Subverted devices used in these attacks are not the ultimate target, but are unknowing accomplices to a DDoS attack on an external system.

CVE Reference: CVE-2013-5211

Suggested action

CCIRC recommends that organizations review common best practices to harden NTP servers, consider disabling the service if it is not required, or test and deploy the latest version of NTP.

Additional guidance on NTP hardening can be found at the following reference:
http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html
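The hardening step can be checked mechanically. The following is an added example, not part of the CCIRC advisory or the referenced template: a small Python audit of ntp.conf text for the two standard ntpd directives that mitigate CVE-2013-5211, `noquery` on the default `restrict` rule and `disable monitor`. The function name and both sample configurations are constructed for illustration.

```python
# Added example: audit ntp.conf text for the query restrictions relevant to
# CVE-2013-5211. Both sample configurations are constructed.

WEAK_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
restrict default nomodify notrap      # still answers ntpq/ntpdc queries
restrict 127.0.0.1
"""

HARDENED_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
restrict -4 default nomodify notrap nopeer noquery
restrict -6 default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
disable monitor
"""


def audit_ntp_conf(text):
    """Return findings; an empty list means every default rule refuses queries."""
    default_rules = []            # (normalized line, flags) per "restrict default"
    monitor_disabled = False
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()     # drop comments, tokenize
        if not tokens:
            continue
        if tokens[0] in ("disable", "enable") and "monitor" in tokens[1:]:
            monitor_disabled = tokens[0] == "disable"
        elif tokens[0] == "restrict":
            args = [t for t in tokens[1:] if t not in ("-4", "-6")]
            if args[:1] == ["default"]:
                default_rules.append((" ".join(tokens), args[1:]))
    findings = []
    if not default_rules:
        findings.append("no 'restrict default' line: any host may query")
    for line, flags in default_rules:
        if "noquery" not in flags and "ignore" not in flags:
            findings.append("queries allowed by: " + line)
    if findings and not monitor_disabled:
        findings.append("monitor facility enabled: monlist data is available")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ntp_conf(conf) or "OK")
```

The audit looks only at the default rule; a more specific `restrict` line for a trusted subnet can still permit queries from that subnet.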

For more information on this method of attack, please review the following reference:
https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note that CCIRC's PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca
