Research Reveals a Significant Decline in Vulnerable Servers
National Harbor, MD – June 24, 2014 – (Gartner Security Summit, Gaylord National, Booth #611) – NSFOCUS, Inc., a global provider of distributed denial of service (DDoS) mitigation solutions and services, revealed today a significant decrease in vulnerable Network Time Protocol (NTP) servers; however, there are still more than 17,000NTP servers worldwide that run the risk of amplified DDoS attacks.
- Global Internet-wide scanning reveals number of vulnerable NTP servers – NSFOCUS began efforts to continuously track the number of NTP servers exploited in amplification attacks beginning in December of 2013. Following its global Internet-wide scanning efforts, NSFOCUS revealed a total of 432,120 vulnerable NTP servers worldwide, and among these NTP amplifiers, 1,224 were capable of magnifying traffic by a factor greater than 700.
- Recent findings now indicate a decline in amplifiers – In March 2014, NSFOCUS re-scanned the NTP servers on the Internet and found that the overall number of NTP amplifiers had substantially decreased to 21,156.In May, research identified a continuation of the downward trend, yet there are still 17,647 NTP servers that are not yet patched. Of those unpatched servers,more than 2,100 have the capability for 700 times amplification.
- Preventative measures produce results, more work to be done – The decline in vulnerable servers indicates that many network and system administrators have taken the necessary steps to disable or restrict monlist functions; however proper steps should be taken to ensure the rest of the vulnerable servers are protected. US-CERT and Network Time Protocol strongly advise system administrators to upgrade ntpd to version 4.2.7p26 or later. Users of earlier versions of 4.2.7p26 should either use noquery in the default restrictions to block all status queries, or use disable monitor to disable the ntpdc –c monlist command while still allowing other status queries.
- NSFOCUS is dedicated to providing solutions for anti-DDoS mitigation, Web security and enterprise-level network security – For more than 10 years, NSFOCUS research and development teams have monitored and studied DDoS attacks, providing mitigation solutions to hosting providers, data centers and enterprises around the globe. The company’s anti-DDoS solutions detect DDoS attacks and mitigate against malicious activity in real time, without affecting the flow of good user traffic.
To get the full report, please check here.
Terence Chong, Solutions Architect, NSFOCUS, said:
“At the heart of our anti-DDoS solutions is our Threat Response and Research teams. Our experts track up-to-date global trends and network vulnerabilities to provide the industry with reliable information to assist in the mitigation of these threats. As DDoS attacks continue to grow in number and impact, we are proud to help ISPs, hosting providers, data centers and enterprises stay one step ahead of these kinds of ongoing attacks.”
Founded in 2000, NSFOCUSprovides enterprise-level, carrier-grade solutions and services for distributed denial of service (DDoS) mitigation, Web security and enterprise-level network security. With more than a decade of experience in DDoS research and development and mitigation, NSFOCUS has helped customers around the world maintain high levels of Internet security, website uptime and business operations to ensure that their online systems remain available. The NSFOCUS Anti-DDoS System (ADS) empowers customers to find and fend off a variety of incidents, from simple network layer attacks to more sophisticated and potentially damaging application-layer attacks, all while guaranteeing legitimate traffic gets through to networks and corporate-critical systems. For more information, visit www.nsfocus.com.