Vulnerabilities exposed in Network Time Protocol (NTP) : Boston university researchers have identified multiple security vulnerabilities in Network Time Protocol i.e. NTP. These vulnerabilities can allow a hacker on network to manipulate time on computers and impact the cryptographic calculations; hackers can launch DDOS attacks and affect other security measures. BU Researchers conducted an attack via changing time with the NTP and they were surprised to see the results and said that why no one till now considered this as an attack vector. Let’s explore what all vulnerabilities were exposed by BU researchers in Network Time Protocol (NTP).
Cryptographic Protocol uses time as parameter
The vulnerability is critical since time plays an important role in computing applications and numerous cryptoraphic protocols heavily utilize time, the research paper notes.
The researchers sought to examine attacks on unauthenticated NTP deemed possible within the NTP protocol specification. They considered both on-path attacks on the path between the NTP client and a client server and off-path attacks where an attacker anywhere on the server is not observing client-server traffic.
The on-path attacks involve various techniques to intercept NTB server traffic, the paper noted. The attackers shift time on the NTP server’s clients. An on-path attacker can easily identify when a client initializes.
An off-path attacker can exploit the NTP’s rate-limiting mechanism, the “Kiss-o-Death” (KoD) packet, and disable NTP, the researchers noted. In such a scenario, the attacker only has to spoof a single KoD packet from the client’s preconfigured servers, whereby the client stops querying its servers and cannot update its clock. Standard networking scanning tools can accomplish such an attack within a few hours.
Bitcoin Block Chain Vulnerability
The researchers observed that an NTP attacker can trick someone into rejecting a legitimate bitcoin block chain block. The bitcoin block chain consists of time-stamped blocks that add to the block chain based on validity interval. An NTP attacker can also trick a victim into wasting computational energy on proofs-of-work for a block that is stale.
NTP vulnerabilities are not new. Attackers carried out high-profile DDoS attacks in late 2013 and early 2014 by amplifying traffic from NTP servers.
NTP Ecosystem Integrity Debugged
The research paper says that they examined the integrity of the NTP ecosystem using new network-wide sans and the openNTPproject.
Two NTP servers retreated in time by about 12 years on Nov. 19, 2012, and delivered outages to Active Directory Authentication servers, routers, and PBXs. They observed that multiple applications can fail simultaneously on the system when NTP fails.
NTP can exploit the Resource Public Key Infrastructure, as noted in research paper, referring to a new infrastructure that secures routing.
Attackers can also use NTP for cache flushing. DNS cache entries usually live for around 24 hours. Pushing a “resolver” ahead in time by one day will cause the expiration of most cache entries. A failure such as the one in November 2012 could drive multiple resolvers to flush caches simultaneously, flooding DNS queries onto the network.
There are some more Vulnerabilities related to NTP (Network Time Protocol) which were reported earlier like amplification attack which can enhance DDOS attacks by using publicly available NTP servers, Spamhaus service DDOS attacks etc.
That’s all for today!! We will keep you posted if more NTP vulnerabilities are reported. Keep Reading!! Keep Connected!!