{"id":478230,"date":"2023-08-09T09:29:27","date_gmt":"2023-08-09T09:29:27","guid":{"rendered":""},"modified":"2023-09-05T11:16:20","modified_gmt":"2023-09-05T11:16:20","slug":"ntp-amplification-attack","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/kr\/wiki\/ntp-amplification-attack\/","title":{"rendered":"NTP \uc99d\ud3ed \uacf5\uaca9"},"content":{"rendered":"<h2>\uc18c\uac1c<\/h2>\n<p>\uc0ac\uc774\ubc84 \uc704\ud611\uc758 \uc138\uacc4\uc5d0\uc11c DDoS(\ubd84\uc0b0 \uc11c\ube44\uc2a4 \uac70\ubd80) \uacf5\uaca9\uc740 \uacc4\uc18d\ud574\uc11c \uae30\uc5c5\uacfc \uc870\uc9c1\uc758 \uc8fc\uc694 \uad00\uc2ec\uc0ac\uc785\ub2c8\ub2e4. \ub2e4\uc591\ud55c DDoS \uacf5\uaca9 \uae30\uc220 \uc911\uc5d0\uc11c NTP \uc99d\ud3ed \uacf5\uaca9\uc740 \uc545\uc758\uc801\uc778 \ud589\uc704\uc790\uac00 \uc628\ub77c\uc778 \uc11c\ube44\uc2a4\ub97c \ubc29\ud574\ud558\uae30 \uc704\ud574 \uc0ac\uc6a9\ud558\ub294 \uac00\uc7a5 \uac15\ub825\ud558\uace0 \ud53c\ud574\ub97c \uc8fc\ub294 \ubc29\ubc95 \uc911 \ud558\ub098\uc785\ub2c8\ub2e4. \uc774 \ubb38\uc11c\uc758 \ubaa9\uc801\uc740 NTP \uc99d\ud3ed \uacf5\uaca9\uc758 \uc5ed\uc0ac, \ub0b4\ubd80 \uc791\ub3d9 \ubc29\uc2dd, \uc720\ud615, \uc194\ub8e8\uc158 \ubc0f \ud504\ub85d\uc2dc \uc11c\ubc84\uc640\uc758 \uc7a0\uc7ac\uc801 \uc5f0\uad00\uc131\uc744 \ud0d0\uc0c9\ud558\uc5ec NTP \uc99d\ud3ed \uacf5\uaca9\uc5d0 \ub300\ud55c \uc2ec\uce35\uc801\uc778 \uc774\ud574\ub97c \uc81c\uacf5\ud558\ub294 \uac83\uc785\ub2c8\ub2e4.<\/p>\n<h2>NTP \uc99d\ud3ed \uacf5\uaca9\uc758 \uae30\uc6d0 \uc5ed\uc0ac<\/h2>\n<p>NTP \ubc18\uc0ac \uacf5\uaca9\uc774\ub77c\uace0\ub3c4 \uc54c\ub824\uc9c4 NTP \uc99d\ud3ed \uacf5\uaca9\uc740 2013\ub144\uc5d0 \ucc98\uc74c \ubc1c\uacac\ub418\uc5c8\uc2b5\ub2c8\ub2e4. \uc774 \uacf5\uaca9\uc740 \ucef4\ud4e8\ud130\uc640 \ub124\ud2b8\uc6cc\ud06c \uc7a5\uce58\uc758 \uc2dc\uac04\uc744 \ub3d9\uae30\ud654\ud558\ub294 \ub370 \ud544\uc218\uc801\uc778 NTP(Network Time Protocol) \uc11c\ubc84\uc758 \ucde8\uc57d\uc810\uc744 \uc545\uc6a9\ud569\ub2c8\ub2e4. \uacf5\uaca9\uc740 \ucd5c\uadfc \ud074\ub77c\uc774\uc5b8\ud2b8\uc5d0 \ub300\ud55c \uc815\ubcf4\ub97c \uac80\uc0c9\ud558\ub3c4\ub85d \uc124\uacc4\ub41c \uae30\ub2a5\uc778 monlist \uba85\ub839\uc744 \ud65c\uc6a9\ud558\uc5ec \ub300\uc0c1\uc5d0 \ub300\ud55c \uacf5\uaca9 \ud2b8\ub798\ud53d\uc744 \uc99d\ud3ed\uc2dc\ud0b5\ub2c8\ub2e4. \uc18c\uc2a4 IP \uc8fc\uc18c\ub97c \uc2a4\ud478\ud551\ud558\ub294 \uae30\ub2a5\uacfc \uacb0\ud569\ub41c \uc0c1\ub2f9\ud55c \uc99d\ud3ed \uc694\uc18c\ub85c \uc778\ud574 \uc774 \uacf5\uaca9\uc740 \ud2b9\ud788 \uc704\ud5d8\ud558\uace0 \uc644\ud654\ud558\uae30\uac00 \uc5b4\ub835\uc2b5\ub2c8\ub2e4.<\/p>\n<h2>NTP \uc99d\ud3ed \uacf5\uaca9\uc5d0 \ub300\ud55c \uc790\uc138\ud55c \uc815\ubcf4<\/h2>\n<p>NTP \uc99d\ud3ed \uacf5\uaca9\uc740 \uacf5\uaca9\uc790\uac00 \ucde8\uc57d\ud55c NTP \uc11c\ubc84\uc5d0 \uc791\uc740 \uc694\uccad\uc744 \ubcf4\ub0b4 \uc18c\uc2a4 IP \uc8fc\uc18c\ub97c \ub300\uc0c1\uc758 IP\ub85c \uc2a4\ud478\ud551\ud558\ub294 \ubc18\uc0ac\ub77c\ub294 \uae30\uc220\uc744 \uc0ac\uc6a9\ud569\ub2c8\ub2e4. \uadf8\ub7f0 \ub2e4\uc74c NTP \uc11c\ubc84\ub294 \uc6d0\ub798 \uc694\uccad\ubcf4\ub2e4 \ud6e8\uc52c \ub354 \ud070 \uc751\ub2f5\uc73c\ub85c \ub300\uc0c1\uc5d0 \uc751\ub2f5\ud558\ubbc0\ub85c \ud2b8\ub798\ud53d \ud64d\uc218\uac00 \ub300\uc0c1\uc758 \ub9ac\uc18c\uc2a4\ub97c \uc555\ub3c4\ud558\uac8c \ub429\ub2c8\ub2e4. \uc774\ub7ec\ud55c \uc99d\ud3ed \ud6a8\uacfc\ub294 \ucd08\uae30 \uc694\uccad \ud06c\uae30\uc758 \ucd5c\ub300 1,000\ubc30\uae4c\uc9c0 \ub3c4\ub2ec\ud560 \uc218 \uc788\uc5b4 \ub9e4\uc6b0 \ud6a8\uacfc\uc801\uc778 DDoS \uacf5\uaca9 \ubca1\ud130\uac00 \ub429\ub2c8\ub2e4.<\/p>\n<h2>NTP \uc99d\ud3ed \uacf5\uaca9\uc758 \ub0b4\ubd80 \uad6c\uc870<\/h2>\n<p>NTP \uc99d\ud3ed \uacf5\uaca9\uc5d0\ub294 \uc138 \uac00\uc9c0 \uc8fc\uc694 \uad6c\uc131 \uc694\uc18c\uac00 \ud3ec\ud568\ub429\ub2c8\ub2e4.<\/p>\n<ol>\n<li>\n<p><strong>\uacf5\uaca9\uc790:<\/strong> \ub2e4\uc591\ud55c \uae30\uc220\uc744 \ud65c\uc6a9\ud558\uc5ec \ucde8\uc57d\ud55c NTP \uc11c\ubc84\uc5d0 \uc791\uc740 \uc694\uccad\uc744 \ubcf4\ub0b4\ub294 \uacf5\uaca9\uc744 \uc2dc\uc791\ud558\ub294 \uac1c\uc778 \ub610\ub294 \uadf8\ub8f9\uc785\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\ucde8\uc57d\ud55c NTP \uc11c\ubc84:<\/strong> \uc774\ub294 monlist \uba85\ub839\uc774 \ud65c\uc131\ud654\ub41c \uacf5\uac1c\uc801\uc73c\ub85c \uc561\uc138\uc2a4 \uac00\ub2a5\ud55c NTP \uc11c\ubc84\uc774\ubbc0\ub85c \uacf5\uaca9\uc5d0 \ucde8\uc57d\ud569\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\ud45c\uc801:<\/strong> \uc694\uccad\uc5d0\uc11c IP \uc8fc\uc18c\uac00 \uc2a4\ud478\ud551\ub418\uc5b4 \uc99d\ud3ed\ub41c \uc751\ub2f5\uc73c\ub85c \uc778\ud574 \ub9ac\uc18c\uc2a4\uac00 \ub118\uccd0 \uc11c\ube44\uc2a4\uac00 \uc911\ub2e8\ub418\ub294 \uacf5\uaca9\uc758 \ud53c\ud574\uc790\uc785\ub2c8\ub2e4.<\/p>\n<\/li>\n<\/ol>\n<h2>NTP \uc99d\ud3ed \uacf5\uaca9\uc758 \uc8fc\uc694 \ud2b9\uc9d5 \ubd84\uc11d<\/h2>\n<p>NTP \uc99d\ud3ed \uacf5\uaca9\uc744 \ub354 \uc798 \uc774\ud574\ud558\uae30 \uc704\ud574 \uc8fc\uc694 \uae30\ub2a5\uc744 \ubd84\uc11d\ud574 \ubcf4\uaca0\uc2b5\ub2c8\ub2e4.<\/p>\n<ul>\n<li>\n<p><strong>\uc99d\ud3ed \uc778\uc790:<\/strong> NTP \uc11c\ubc84\uc5d0\uc11c \uc0dd\uc131\ub41c \uc751\ub2f5 \ud06c\uae30\uc640 \ucd08\uae30 \uc694\uccad \ud06c\uae30 \uac04\uc758 \ube44\uc728\uc785\ub2c8\ub2e4. \uc99d\ud3ed \uacc4\uc218\uac00 \ub192\uc744\uc218\ub85d \uacf5\uaca9\uc774 \ub354 \uac15\ub825\ud574\uc9d1\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc18c\uc2a4 IP \uc2a4\ud478\ud551:<\/strong> \uacf5\uaca9\uc790\ub294 \uc694\uccad\uc5d0\uc11c \uc18c\uc2a4 IP \uc8fc\uc18c\ub97c \uc704\uc870\ud558\uc5ec \uacf5\uaca9\uc758 \ucd9c\ucc98\ub97c \ucd94\uc801\ud558\uae30 \uc5b4\ub835\uac8c \ub9cc\ub4e4\uace0 \ub354 \ub192\uc740 \uc218\uc900\uc758 \uc775\uba85\uc131\uc744 \uac00\ub2a5\ud558\uac8c \ud569\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uad50\ud1b5 \ubc94\ub78c:<\/strong> \uacf5\uaca9\uc740 \uc99d\ud3ed\ub41c \ub300\ub7c9\uc758 \ud2b8\ub798\ud53d\uc73c\ub85c \ub300\uc0c1\uc744 \ubc94\ub78c\uc2dc\ucf1c \ub300\uc5ed\ud3ed\uc744 \uc18c\ubaa8\ud558\uace0 \ub9ac\uc18c\uc2a4\ub97c \uc555\ub3c4\ud569\ub2c8\ub2e4.<\/p>\n<\/li>\n<\/ul>\n<h2>NTP \uc99d\ud3ed \uacf5\uaca9 \uc720\ud615<\/h2>\n<p>NTP \uc99d\ud3ed \uacf5\uaca9\uc740 \uc0ac\uc6a9\ub41c \ud2b9\uc815 \uae30\uc220\uc774\ub098 \uac15\ub3c4\uc5d0 \ub530\ub77c \ubd84\ub958\ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ub2e4\uc74c\uc740 \uba87 \uac00\uc9c0 \uc77c\ubc18\uc801\uc778 \uc720\ud615\uc785\ub2c8\ub2e4.<\/p>\n<table>\n<thead>\n<tr>\n<th>\uacf5\uaca9 \uc720\ud615<\/th>\n<th>\uc124\uba85<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>\uc9c1\uc811 NTP \uacf5\uaca9<\/td>\n<td>\uacf5\uaca9\uc790\ub294 \ucde8\uc57d\ud55c NTP \uc11c\ubc84\ub97c \uc9c1\uc811 \ud45c\uc801\uc73c\ub85c \uc0bc\uc2b5\ub2c8\ub2e4.<\/td>\n<\/tr>\n<tr>\n<td>\ubc18\uc0ac \uacf5\uaca9<\/td>\n<td>\uacf5\uaca9\uc790\ub294 \uc5ec\ub7ec \uac1c\uc758 \uc911\uac04 NTP \uc11c\ubc84\ub97c \uc0ac\uc6a9\ud558\uc5ec \ub300\uc0c1\uc744 \ud5a5\ud55c \uacf5\uaca9 \ud2b8\ub798\ud53d\uc744 \ubc18\uc0ac\ud558\uace0 \uc99d\ud3ed\ud569\ub2c8\ub2e4.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>NTP \uc99d\ud3ed \uacf5\uaca9 \ud65c\uc6a9 \ubc29\ubc95, \ubb38\uc81c\uc810, \ud574\uacb0 \ubc29\ubc95<\/h2>\n<p>NTP \uc99d\ud3ed \uacf5\uaca9\uc740 \ub124\ud2b8\uc6cc\ud06c \uad00\ub9ac\uc790\uc640 \uc0ac\uc774\ubc84 \ubcf4\uc548 \uc804\ubb38\uac00\uc5d0\uac8c \uc2ec\uac01\ud55c \uacfc\uc81c\ub97c \uc548\uaca8\uc90d\ub2c8\ub2e4. \uc8fc\uc694 \ubb38\uc81c\uc640 \ud574\uacb0 \ubc29\ubc95\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4.<\/p>\n<ul>\n<li>\n<p><strong>\ubb38\uc81c:<\/strong> \ucde8\uc57d\ud55c NTP \uc11c\ubc84 - \ub9ce\uc740 NTP \uc11c\ubc84\uac00 \uc624\ub798\ub41c \uc124\uc815\uc73c\ub85c \uad6c\uc131\ub418\uc5b4 monlist \uba85\ub839\uc774 \uc545\uc6a9\ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p><strong>\ud574\uacb0\ucc45:<\/strong> \uc11c\ubc84 \uac15\ud654 \u2013 \ub124\ud2b8\uc6cc\ud06c \uad00\ub9ac\uc790\ub294 monlist \uba85\ub839\uc744 \ube44\ud65c\uc131\ud654\ud558\uace0 \uc561\uc138\uc2a4 \uc81c\uc5b4\ub97c \uad6c\ud604\ud558\uc5ec \ubb34\ub2e8 NTP \ucffc\ub9ac\ub97c \ubc29\uc9c0\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\ubb38\uc81c:<\/strong> IP \uc2a4\ud478\ud551 \u2013 \uc18c\uc2a4 IP \uc2a4\ud478\ud551\uc740 \uacf5\uaca9\uc790\ub97c \ucd94\uc801\ud558\uace0 \ucc45\uc784\uc744 \ubb3b\ub294 \uac83\uc744 \uc5b4\ub835\uac8c \ub9cc\ub4ed\ub2c8\ub2e4.<\/p>\n<p><strong>\ud574\uacb0\ucc45:<\/strong> \ub124\ud2b8\uc6cc\ud06c \ud544\ud130\ub9c1 \u2013 \ub124\ud2b8\uc6cc\ud06c \uc218\uc2e0 \ud544\ud130\ub9c1\uc744 \uc0ac\uc6a9\ud558\uba74 \uc2a4\ud478\ud551\ub41c \uc18c\uc2a4 IP \uc8fc\uc18c\uac00 \ud3ec\ud568\ub41c \uc218\uc2e0 \ud328\ud0b7\uc744 \uc0ad\uc81c\ud558\uc5ec \ubc18\uc0ac \uacf5\uaca9\uc758 \uc601\ud5a5\uc744 \uc904\uc77c \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\ubb38\uc81c:<\/strong> \uacf5\uaca9 \uc644\ud654 \u2013 NTP \uc99d\ud3ed \uacf5\uaca9\uc744 \uc2e4\uc2dc\uac04\uc73c\ub85c \uac10\uc9c0\ud558\uace0 \uc644\ud654\ud558\ub294 \uac83\uc740 \uc11c\ube44\uc2a4 \uac00\uc6a9\uc131\uc744 \ubcf4\uc7a5\ud558\ub294 \ub370 \uc911\uc694\ud569\ub2c8\ub2e4.<\/p>\n<p><strong>\ud574\uacb0\ucc45:<\/strong> DDoS \ubcf4\ud638 \uc11c\ube44\uc2a4 \u2013 \uc804\ubb38\uc801\uc778 DDoS \ubcf4\ud638 \uc11c\ube44\uc2a4\ub97c \ud65c\uc6a9\ud558\uba74 NTP \uc99d\ud3ed \uacf5\uaca9\uc744 \ud6a8\uacfc\uc801\uc73c\ub85c \ud0d0\uc9c0\ud558\uace0 \uc644\ud654\ud558\ub294 \ub370 \ub3c4\uc6c0\uc774 \ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<\/ul>\n<h2>\uc8fc\uc694 \ud2b9\uc9d5 \ubc0f \uc720\uc0ac \uc6a9\uc5b4\uc640\uc758 \ube44\uad50<\/h2>\n<table>\n<thead>\n<tr>\n<th>\uc6a9\uc5b4<\/th>\n<th>\uc124\uba85<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>NTP \uc99d\ud3ed<\/td>\n<td>DDoS \ubc18\uc0ac \uacf5\uaca9\uc5d0 monlist \uba85\ub839\uc744 \uc545\uc6a9\ud569\ub2c8\ub2e4.<\/td>\n<\/tr>\n<tr>\n<td>DNS \uc99d\ud3ed<\/td>\n<td>DDoS \ubc18\uc0ac \uacf5\uaca9\uc744 \uc704\ud574 DNS \uc11c\ubc84\ub97c \uc545\uc6a9\ud569\ub2c8\ub2e4.<\/td>\n<\/tr>\n<tr>\n<td>SNMP \uc99d\ud3ed<\/td>\n<td>DDoS \ubc18\uc0ac \uacf5\uaca9\uc744 \uc704\ud574 SNMP \uc11c\ubc84\ub97c \uc545\uc6a9\ud569\ub2c8\ub2e4.<\/td>\n<\/tr>\n<tr>\n<td>UDP \ud50c\ub7ec\ub4dc \uacf5\uaca9<\/td>\n<td>\ub300\ub7c9\uc758 UDP \ud2b8\ub798\ud53d\uc73c\ub85c \ub300\uc0c1\uc744 \uc555\ub3c4\ud569\ub2c8\ub2e4.<\/td>\n<\/tr>\n<tr>\n<td>TCP SYN \ud50c\ub7ec\ub4dc \uacf5\uaca9<\/td>\n<td>TCP \ud578\ub4dc\uc170\uc774\ud06c\uc5d0\uc11c SYN \uc694\uccad\uc73c\ub85c \ub300\uc0c1\uc744 \uc555\ub3c4\ud569\ub2c8\ub2e4.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>NTP \uc99d\ud3ed\uacf5\uaca9\uc5d0 \ub300\ud55c \uc804\ub9dd\uacfc \ubbf8\ub798\uae30\uc220<\/h2>\n<p>\uae30\uc220\uc774 \ubc1c\uc804\ud568\uc5d0 \ub530\ub77c \uc0ac\uc774\ubc84 \uc704\ud611\ub3c4 \ubc1c\uc804\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4. NTP \uc99d\ud3ed \uacf5\uaca9\uc744 \uc644\ud654\ud558\uae30 \uc704\ud55c \uc194\ub8e8\uc158\uc740 \uc9c0\uc18d\uc801\uc73c\ub85c \uac1c\uc120\ub418\uace0 \uc788\uc9c0\ub9cc \uacf5\uaca9\uc790\ub294 \uc801\uc751\ud558\uc5ec \uc0c8\ub85c\uc6b4 \uacf5\uaca9 \ubca1\ud130\ub97c \ucc3e\uc744 \uac00\ub2a5\uc131\uc774 \ub192\uc2b5\ub2c8\ub2e4. \uc0ac\uc774\ubc84 \ubcf4\uc548 \uc804\ubb38\uac00\ub294 \ucd5c\uc2e0 \ub3d9\ud5a5\uc744 \ud30c\uc545\ud558\uace0 \uc0c8\ub85c\uc6b4 \uc704\ud611\uc73c\ub85c\ubd80\ud130 \ubcf4\ud638\ud558\uae30 \uc704\ud55c \ud601\uc2e0\uc801\uc778 \uae30\uc220\uc744 \uac1c\ubc1c\ud558\ub294 \uac83\uc774 \ud544\uc218\uc801\uc785\ub2c8\ub2e4.<\/p>\n<h2>\ud504\ub85d\uc2dc \uc11c\ubc84 \ubc0f NTP \uc99d\ud3ed \uacf5\uaca9<\/h2>\n<p>\ud504\ub85d\uc2dc \uc11c\ubc84\ub294 NTP \uc99d\ud3ed \uacf5\uaca9\uc744 \uc644\ud654\ud558\ub294 \ub370 \uc911\uc694\ud55c \uc5ed\ud560\uc744 \ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ud074\ub77c\uc774\uc5b8\ud2b8\uc640 NTP \uc11c\ubc84 \uc0ac\uc774\uc758 \uc911\uac1c\uc790 \uc5ed\ud560\uc744 \ud568\uc73c\ub85c\uc368 \ud504\ub85d\uc2dc \uc11c\ubc84\ub294 \ub4e4\uc5b4\uc624\ub294 NTP \uc694\uccad\uc744 \ud544\ud130\ub9c1\ud558\uace0 \uac80\uc0ac\ud558\uc5ec \uc7a0\uc7ac\uc801\uc778 \uc545\uc131 \ud2b8\ub798\ud53d\uc774 \ucde8\uc57d\ud55c NTP \uc11c\ubc84\uc5d0 \ub3c4\ub2ec\ud558\uae30 \uc804\uc5d0 \ucc28\ub2e8\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc774\ub97c \ud1b5\ud574 \uc99d\ud3ed \uacf5\uaca9\uc758 \uc704\ud5d8\uc744 \uc904\uc774\uace0 \uc804\ubc18\uc801\uc778 \ub124\ud2b8\uc6cc\ud06c \ubcf4\uc548\uc744 \ud5a5\uc0c1\uc2dc\ud0ac \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<h2>\uad00\ub828\ub41c \ub9c1\ud06c\ub4e4<\/h2>\n<p>NTP \uc99d\ud3ed \uacf5\uaca9 \ubc0f DDoS \ubcf4\ud638\uc5d0 \ub300\ud55c \uc790\uc138\ud55c \ub0b4\uc6a9\uc740 \ub2e4\uc74c \ub9ac\uc18c\uc2a4\ub97c \ucc38\uc870\ud558\uc138\uc694.<\/p>\n<ol>\n<li><a href=\"https:\/\/us-cert.cisa.gov\/ncas\/alerts\/TA14-013A\" target=\"_new\" rel=\"noopener nofollow\">US-CERT \uacbd\uace0(TA14-013A) \u2013 NTP \uc99d\ud3ed \uacf5\uaca9<\/a><\/li>\n<li><a href=\"https:\/\/tools.ietf.org\/html\/rfc5905\" target=\"_new\" rel=\"noopener nofollow\">IETF \u2013 \ub124\ud2b8\uc6cc\ud06c \uc2dc\uac04 \ud504\ub85c\ud1a0\ucf5c \ubc84\uc804 4: \ud504\ub85c\ud1a0\ucf5c \ubc0f \uc54c\uace0\ub9ac\uc998 \uc0ac\uc591<\/a><\/li>\n<li><a href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/ntp-amplification-ddos-attack\/\" target=\"_new\" rel=\"noopener nofollow\">Cloudflare \u2013 NTP \uc99d\ud3ed \uacf5\uaca9<\/a><\/li>\n<li><a href=\"https:\/\/oneproxy.pro\/kr\/ddos-protection\/\" target=\"_new\" rel=\"noopener\">OneProxy \u2013 DDoS \ubcf4\ud638 \uc11c\ube44\uc2a4<\/a> (OneProxy\uc5d0\uc11c \uc81c\uacf5\ud558\ub294 DDoS \ubcf4\ud638 \uc11c\ube44\uc2a4 \ub9c1\ud06c)<\/li>\n<\/ol>\n<h2>\uacb0\ub860<\/h2>\n<p>NTP \uc99d\ud3ed \uacf5\uaca9\uc740 \ub192\uc740 \uc99d\ud3ed\uc728\uacfc \uc18c\uc2a4 IP \uc2a4\ud478\ud551 \uae30\ub2a5\uc73c\ub85c \uc778\ud574 DDoS \uacf5\uaca9 \uc601\uc5ed\uc5d0\uc11c \uc5ec\uc804\ud788 \uc2ec\uac01\ud55c \uc704\ud611\uc73c\ub85c \ub0a8\uc544 \uc788\uc2b5\ub2c8\ub2e4. \uc628\ub77c\uc778 \uc11c\ube44\uc2a4\uc758 \ud0c4\ub825\uc131\uc744 \ubcf4\uc7a5\ud558\ub824\uba74 \ub0b4\ubd80 \uc791\ub3d9 \ubc29\uc2dd\uc744 \uc774\ud574\ud558\uace0 \uac15\ub825\ud55c \uc644\ud654 \uc804\ub7b5\uc744 \uc0ac\uc6a9\ud558\ub294 \uac83\uc774 \uc911\uc694\ud569\ub2c8\ub2e4. \uae30\uc220\uc774 \ubc1c\uc804\ud568\uc5d0 \ub530\ub77c \uc0c8\ub85c\uc6b4 \uc704\ud611\uc5d0 \ub300\ud574 \uacbd\uacc4\uc2ec\uc744 \uc720\uc9c0\ud558\uace0 \ubcf4\ud638\ub97c \uc704\ud574 \ud504\ub85d\uc2dc \uc11c\ubc84\uc640 \uac19\uc740 \uae30\uc220\uc744 \ud65c\uc6a9\ud558\ub294 \uac83\uc774 NTP \uc99d\ud3ed \uacf5\uaca9\uc5d0 \ub9de\uc11c \uc2f8\uc6b0\ub294 \ub370 \ud544\uc218\uc801\uc785\ub2c8\ub2e4.<\/p>","protected":false},"featured_media":478231,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-478230","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>NTP Amplification Attack: An Overview<\/mark>","faq_items":[{"question":"What is the NTP Amplification Attack?","answer":"<p>The NTP Amplification Attack is a type of Distributed Denial of Service (DDoS) attack that takes advantage of vulnerable Network Time Protocol (NTP) servers to flood a target with amplified traffic. Attackers spoof the target's IP address and send small requests to NTP servers that support the monlist command, resulting in massive responses that overwhelm the target's resources.<\/p>"},{"question":"How did the NTP Amplification Attack originate?","answer":"<p>The NTP Amplification Attack was first identified in 2013. It stemmed from a vulnerability in NTP servers with the monlist command enabled. Attackers realized they could exploit this vulnerability to launch powerful DDoS attacks with a high amplification factor.<\/p>"},{"question":"How does the NTP Amplification Attack work?","answer":"<p>The NTP Amplification Attack uses reflection and source IP spoofing. Attackers send small requests to vulnerable NTP servers, pretending to be the target's IP address. The NTP servers then respond with much larger responses, flooding the target with amplified traffic, leading to service disruption.<\/p>"},{"question":"What are the key features of the NTP Amplification Attack?","answer":"<p>The NTP Amplification Attack is characterized by its high amplification factor, which can be up to 1,000 times the initial request's size. It also employs source IP spoofing, making it difficult to trace the attackers. Furthermore, the attack floods the target with a massive volume of traffic.<\/p>"},{"question":"What types of NTP Amplification Attacks exist?","answer":"<p>There are two main types of NTP Amplification Attacks:<\/p><ol><li><p>Direct NTP Attack: Attackers directly target a vulnerable NTP server to launch the attack.<\/p><\/li><li><p>Reflective Attack: Attackers use multiple intermediate NTP servers to reflect and amplify the attack traffic towards the target.<\/p><\/li><\/ol>"},{"question":"How can organizations protect against NTP Amplification Attacks?","answer":"<p>To defend against NTP Amplification Attacks, organizations should consider the following solutions:<\/p><ul><li><p><strong>Server Hardening:<\/strong> Administrators should disable the monlist command on NTP servers and implement access controls to prevent unauthorized queries.<\/p><\/li><li><p><strong>Network Filtering:<\/strong> Employ network ingress filtering to drop incoming packets with spoofed source IP addresses, reducing the impact of reflection attacks.<\/p><\/li><li><p><strong>DDoS Protection Services:<\/strong> Utilize specialized DDoS protection services to detect and mitigate NTP Amplification Attacks effectively.<\/p><\/li><\/ul>"},{"question":"How is NTP Amplification Attack related to proxy servers?","answer":"<p>Proxy servers can be used as intermediaries between clients and NTP servers to filter and inspect incoming NTP requests. By doing so, they can block potential malicious traffic before it reaches vulnerable NTP servers, reducing the risk of amplification attacks and enhancing overall network security.<\/p>"},{"question":"What are the future perspectives and technologies related to NTP Amplification Attack?","answer":"<p>As technology evolves, attackers are likely to find new ways to exploit NTP servers and launch amplified attacks. Cybersecurity professionals must stay updated with the latest trends and develop innovative technologies for safeguarding against emerging threats effectively.<\/p>"},{"question":"Where can I find more information about NTP Amplification Attacks and DDoS protection?","answer":"<p>For further insights into NTP Amplification Attacks and DDoS protection, you can refer to the following resources:<\/p><ol><li><a href=\"https:\/\/us-cert.cisa.gov\/ncas\/alerts\/TA14-013A\" target=\"_new\">US-CERT Alert (TA14-013A) - NTP Amplification Attacks<\/a><\/li><li><a href=\"https:\/\/tools.ietf.org\/html\/rfc5905\" target=\"_new\">IETF - Network Time Protocol Version 4: Protocol and Algorithms Specification<\/a><\/li><li><a href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/ntp-amplification-ddos-attack\/\" target=\"_new\">Cloudflare - NTP Amplification Attacks<\/a><\/li><li><a href=\"https:\/\/oneproxy.pro\/ddos-protection\" target=\"_new\">OneProxy - DDoS Protection Services<\/a> (Link to the DDoS protection services offered by OneProxy)<\/li><\/ol>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/478230","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/478230\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/media\/478231"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/media?parent=478230"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}