All about Security: NTP Attack... (Oh my god)

2020年3月30日星期一

弱點在那兒 ?

2020/03/28 爆出這一個月以來最大量流量

結果查的結果是NTP 攻擊

很難想像, 數量有多少.

NTP Amplification REQ_MON_GETLIST Request Found: 47,411,882 次

Name	NTP Amplification REQ_MON_GETLIST Request Found
Unique Threat ID	36343
Description	This alert indicates that there is a REQ_MON_GETLIST_1 request on NTP. If this event happened many times within a short period of time, it could indicate that someone is trying to brute force and cause DOS on the NTP server.
Category	dos
PanOS Minimum Version	6.1.0
PanOS Maximum Version
Severity	informational
Action	allow
CVE	CVE-2013-5211
Vendor ID
First Release	421 (2014-02-25 UTC)
Last Update	599 (2016-07-20 UTC)
Reference	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211, https://www.us-cert.gov/ncas/alerts/TA14-013A
Status	released

NTP Amplification Denial-Of-Service Attack : 46,687,487次

Name	NTP Amplification Denial-Of-Service Attack
Unique Threat ID	40038
Description	This event indicates that someone is using a brute force attack to perform DOS attack to a NTP server. It is leverage CVE-2013-5211, which is the monlist feature vulnerability of NTP.
Category	brute-force
PanOS Minimum Version	6.1.0
PanOS Maximum Version
Severity	low
Action	alert
CVE	CVE-2013-5211
Vendor ID
First Release	421 (2014-02-25 UTC)
Last Update	599 (2016-07-20 UTC)
Reference	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211, https://www.us-cert.gov/ncas/alerts/TA14-013A
Status	released

半小時 73.809k 次攻擊

73.809 x 1000 / 30 / 60 = 41次/sec

一秒鐘大概 41次

從PRTG上看, 對總量影響不大, 但是對客戶上網就會變慢

搞不懂這樣攻擊的目的是什麼 ?