Abstract
The Network Time Protocol (NTP) is used to synchronize clocks of various computer devices such as personal computers, tablets, and phones based their set time zones. The network of devices that use these NTP servers form a huge distributed network that attracted a number of attacks from late 2013 towards early 2014. This paper presents a hands-on test of the Distributed Reflection Denial of Service (DRDoS) attack by the monlist command, provides more vulnerability in the protocol, and offers mitigation to these vulnerabilities. A Kali Linux server was used to test the monlist command on its localhost. The results showed that a request with a size of 234 bytes got a response of 4,680 bytes. A busy NTP server can return up to 600 addresses which were theoretically calculated to return approximately 48 kilobytes in 100 packets. Consequently, this results in an amplification factor of 206×. The knowledge of the way the attack can be propagated was an important step in thwarting the attack and mitigating more such threats in the same protocol.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
