Interesting and simple:
From the article:
- First Attack - Involves the use of a so-called Kiss-of-Death packet to exploit a rate-limiter built into NTP. The attacker can exploit this situation from anywhere—an off-path attack—by spoofing a single Kiss of Death packet and can stop a client from querying a server for years
- Second Attack - a denial of service attack where even if the Kiss-of-Death packet vulnerability is patched, an attacker could still use the packet to disable NTP on the victim’s client
- Third attack - Requires an attacker be in man-in-the-middle position and able to hijack traffic to an NTP server using BGP or DNS hijacks. The attack rolls back time on the server’s clients that circumvents a 16-minute panic threshold built into NTP and allows an attacker to manipulate the client’s cache and cause, for example, a cryptographic object to expire, they wrote.
- The final attack is carried out by an off-path attacker and also rolls back time on the client side by exploiting problems in IPv4 packet fragmentation
For more info:
https://threatpost.com/novel-ntp-attacks-roll-back-time/115138/
No comments:
Post a Comment