Learn about the Network Time Protocol vulnerability that allows remote code execution on vulnerable machines. Mitigation tips included. From HackCave.
Introduction
The Network Time Protocol (NTP) is a specification widely used by computers to keep their internal clocks accurate. However, the connections between computers and NTP servers are not encrypted. This leaves the protocol vulnerable to man-in-the-middle attacks, in which an attacker can intercept the communication and alter it as they wish.
Vulnerability In NTP
These serious weaknesses in the Internet's time-synchronization can be used to change the actual time in computers, to whatever time the attacker chooses. These attacks could be used by malicious actors to wreak havoc on the Internet. An attack that prevents sensitive computers and servers from receiving regular time-synchronization updates could cause malfunctions on a mass scale. In many cases, such denial-of-service hacks can be carried out even when attackers are "off-path,
Effects Of This Vulnerability
If properly exploited, this vulnerability can cause debilitating outages, allow snooping on encrypted communications, and bypass important security measures such as the DNSSEC specification, which prevents tampering with domain name system records. The most troubling scenario involves bypassing HTTPS encryption by forcing a computer to accept an expired transport layer security certificate.
However, it's not clear how practical some of the attacks would be in real-world settings. While it's possible to use symmetric encryption to cryptographically authenticate an NTP service, keys are difficult to acquire.
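An added example (not from the original post or the cited research) of the defence mentioned above: a client-side check that accepts a server reply only if it carries a valid symmetric-key MAC, computed as in RFC 5905 as a hash of the shared key followed by the NTP header, and that refuses a large clock step. The key table, the SHA-1 choice, the 1000-second limit and all function names are assumptions, and the sample packets are constructed in the code.

```python
import hashlib
import hmac
import struct

NTP_UNIX_DELTA = 2208988800      # seconds between 1900-01-01 and 1970-01-01
HEADER_LEN = 48                  # fixed NTP header, no extension fields
MAX_STEP = 1000.0                # assumed policy: refuse larger clock steps
KEYS = {1: b"constructed-demo-key"}   # constructed key table: key ID -> secret

def keyed_digest(key, header, algo):
    # Symmetric-key MAC: hash of the shared key followed by the NTP header.
    return hashlib.new(algo, key + header).digest()

def build_reply(tx_unix, key_id=None, key=b"", algo="sha1"):
    """Construct a minimal mode-4 (server) reply; demo input only."""
    secs = int(tx_unix) + NTP_UNIX_DELTA
    frac = int((tx_unix % 1) * 2**32)
    header = (
        struct.pack("!BBbb", (4 << 3) | 4, 2, 6, -20)   # VN=4, mode=4, stratum 2
        + bytes(36)                                     # fields unused in this demo
        + struct.pack("!II", secs, frac)                # transmit timestamp
    )
    if key_id is None:
        return header                                   # unauthenticated reply
    return header + struct.pack("!I", key_id) + keyed_digest(key, header, algo)

def check_reply(packet, keys, local_unix, algo="sha1"):
    """Return (accepted, reason) for a server reply under a strict policy."""
    if len(packet) < HEADER_LEN or packet[0] & 0x07 != 4:
        return False, "not a server reply"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if len(mac) != 4 + hashlib.new(algo).digest_size:
        return False, "unauthenticated"
    key = keys.get(struct.unpack("!I", mac[:4])[0])
    if key is None or not hmac.compare_digest(mac[4:], keyed_digest(key, header, algo)):
        return False, "bad MAC"
    secs, frac = struct.unpack("!II", header[40:48])
    # Simplification: offset is transmit time minus local time, ignoring network delay.
    offset = secs - NTP_UNIX_DELTA + frac / 2**32 - local_unix
    if abs(offset) > MAX_STEP:
        return False, "step too large"
    return True, "ok"

if __name__ == "__main__":
    now = 1_700_000_000.5                               # constructed local clock reading
    print(check_reply(build_reply(now + 0.25, 1, KEYS[1]), KEYS, now))
    print(check_reply(build_reply(now - 86400 * 365), KEYS, now))
```

A reply whose header is altered in transit no longer matches its digest, so a shifted timestamp is rejected before the step limit is even consulted.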
Conclusion
The Network Time Protocol vulnerability poses a serious risk of remote code execution. Understanding the risks and taking the necessary precautions to protect your systems from potential attacks are critical. With the mitigation tips provided in this post, you can take steps to protect your network and ensure the security of your data.
More details can be obtained from the research paper at http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf
Sources:
http://www.pentester.es/2015/10/delorean.html
http://www.cs.bu.edu/~goldbe/NTPattack.html
http://arstechnica.com/security/2015/10/new-attacks-on-network-time-protocol-can-defeat-https-and-create-chaos/