A while ago, when I was doing maintenance on a router, which we had to downgrade to an older version, suddenly a thought popped up into my mind: is this older version actually safe from the recent Network Time Protocol (NTP) bug?
For those who don’t remember: the NTP-bug was a very simple but nasty “feature” that was loved by people who wanted to launch a DDoS attack. It was extremely easy to abuse.
The Network Time Protocol is normally set up on servers and on network equipment for clock synchronization between computer systems. It synchronizes all participating computers to within a few milliseconds of Coordinated Universal Time (UTC). But it had some flaws. You could send a command to the NTP listener and as a result, it would send back all IP addresses that had been in touch with the NTP speaker to check the time.
This means that by sending just a small request, the NTP speaker would send back an enormous answer. The problem was, that NTP was open on default, so if you would request the contact list using a fake source IP address, that address would receive the enormous answer and would become totally overloaded.
The perfect Modus Operandi for a DDoS attack. The newest software and network operating systems have cleaned the bug by simply removing the otherwise useless “monlist” feature, but this is still something you should think about when you are working with older versions, or when you have to downgrade newer ones. So make sure to block random source addresses from accessing the NTP listener on your devices!
Since we are talking about time, I have two more things. The first one is a question for programmers. When you are working on a new project, do you take in account the insertion of a leap second and how your system reacts to it? Especially since the leap second isn’t a regular occurrence, it is good to know how your system works, when it reads ‘23:59:60 UTC’ instead of 00:00:00 UTC every now and then. What does it means for the system? It could mean that you run processes twice or not at all.
The other thing that came to mind thinking about time, is to make sure all of your systems are set to the UTC time zone. This makes life a lot easier when you have devices in multiple different time zones – if you have to sift through large logs in order to check where or when something went wrong, it is easier if all the logs are in the same time zone, rather than you take in to account the different time zones. As a bonus, UTC doesn’t have daylight savings time, so you don’t have to worry when and where the additional hour is added or removed.
Believe me – just a few tips that will save you a lot of time.