• Home
  • Resources
  • Blog
  • How to Prevent NTP DDoS Attacks

The number of attacks against computer networks has increased during the pandemic, and it’s important to remember that NTP (Network Time Protocol) is often targeted by hackers as a potential vulnerability. As your business might be at risk, understanding the issue is key to avoiding the damage these attacks can cause to your services.

Even cybersecurity experts CloudFlare, themselves affected by a huge NTP attack, have gone to lengths to highlight how exposed NTP can be to this kind of threat. Since Bodet design and manufacture our own NTP time servers, we recognise the importance of secure network time synchronization and help our customers fight against cybercrime with our solutions.

A Straightforward Solution

There is no escaping the fact that NTP has become a recognised and effective target for hackers. It’s also clear that free (public) internet NTP time servers are especially vulnerable. Many organisations still use the internet for time synchronization, although doing so puts them at increased risk of cyberattacks with many implications.

The answer is to switch to using local NTP time servers. They don’t need to source the time from the internet, and can instead alternative means such as GNSS (Global navigation satellite system) antenna. Without the requirement for an internet connection, NTP DDoS (Distributed Denial of Service) attacks are a thing of the past. You also no longer need an open port in your firewall, a necessity for using internet time servers, further protecting your network from attackers performing DDoS attacks.

A What-if Scenario

You might think it’s only time-sensitive sectors such as healthcare, transport and finance where an NTP DDoS attack could be catastrophic. However, every organisation has a lot to lose.

Let’s say your business relies on a free internet NTP time server to synchronize time across your network. One day, you’re the target of an NTP DDoS attack, and the traffic it generates causes your network to crash. Not only can you no longer rely on any time-critical processes within your business, but the whole company grinds to a halt because your IT systems are down. The financial impact of this will continue to increase until your business operations can resume.

However, the overall effect could be even worse than that. Quite often, DDoS attacks are launched by an attacker as a means to an end, where the overall goal is to further breach a network. For example, malware could be installed onto a server whilst the firewall has been temporarily disabled by the original attack. Once this is done, any data on your system can easily be extracted for a hacker’s own purposes, whether it’s to sell it on, or ransom it back to you. The escalating nature of these attacks means that it can very quickly go from just your network being affected to your whole business being at stake.

Investment in Prevention

By securing your use of NTP time synchronization, an NTP time server from Bodet protects your whole organisation. Being a victim of even a single instance of a DDoS attack could result in costly financial losses, and although local NTP servers aren’t free, it’s very easy to see how a one-off hardware purchase is far preferable to the alternative.

In addition to security, Bodet’s NTP Time Servers also provide far greater accuracy, eliminating factors which negatively affect it such as network load and firewall settings. With built-in oscillators, they maintain accuracy should the time signal ever be lost. There’s also the option to add multiple servers for peering for even greater time precision.

Another issue with internet time servers is reliability. Using a server that’s out of your control means that you don’t know how accurate its time source is, and it could just cease to operate and leave you without a time signal altogether. Bodet’s NTP Time Servers offer continual operation with a fan-less design to prevent hardware failures, and use highly accurate time sources such as GNSS.


Share the article