Network Time Protocol (NTP) Amplification Attacks

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

A vulnerability in the "monlist" feature of ntpd can allow remote attackers to cause distributed denial of service attack (DDoS) via forged requests. US-CERT and the Canadian Cyber Incident Response Center (CCIRC) have both observed active use of this attack vector in recent DDoS attacks.

US-CERT encourages users and administrators to review the CCIRC document as well as US-CERT Vulnerability Note VU#348126 for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

Network Time Protocol (NTP) Amplification Attacks

Please share your thoughts