NTP Reflection Attack

cdmoss · April 29, 2014, 7:26pm

Hello All,
This aflex may be used to protect against a NTP Reflection Attack (CVE-2013-5211). Apply this to the virtual service for NTP, udp port 123.

This aFleX detects and drops the NTP Reflection attack -reject Monlists # Refer to NTP Amplification Attacks Using CVE-2013-5211 | CISA

when CLIENT_DATA { binary scan [UDP::payload 4] cccc b1 b2 b3 b4 if { [expr $b1 & 135] == 7 and [expr $b2 & 128] == 0 and $b4 == 42 } { log local0. “NTP Amp Attack detected Ref: CVE-2013-5211 \ from [IP::client_addr] to NTP server at [IP::local_addr]\n” drop } }

mischa · April 30, 2014, 4:57am

Nice one!

Discussion		Replies	Views
DNS NXDOMAIN Attack Aflex aFleX dns , aflex , slb-adc , ddos-protection	0	186	April 8, 2014
How to limit DHCP Discover aFleX	4	155	November 1, 2011
aFleX: Bruce Force Attack Protection aFleX aflex	0	41	June 19, 2014
Scripiting questions (Aflex) aFleX	0	141	August 11, 2021
Block harmful traffic or attack via Websocket traffic ADC - Application Delivery aflex , waf , thunder-adc	0	242	May 26, 2022

NTP Reflection Attack

This aFleX detects and drops the NTP Reflection attack -reject Monlists # Refer to NTP Amplification Attacks Using CVE-2013-5211 | CISA

Related topics