The Dark Arts of NTP Poisoning


NTP (Network Time Protocol) poisoning attack, also known as NTP reflection attack or NTP amplification attack, is a type of distributed denial-of-service (DDoS) attack that exploits the vulnerabilities in the NTP protocol to overwhelm a target server or network with a flood of traffic. NTP is a protocol used to synchronize the time on computer systems and devices across a network.

Here's how an NTP poisoning attack typically works...

NTP poisoning attacks are a form of reflection and amplification attack, as the attacker uses a third-party service (in this case, the NTP servers) to reflect and amplify the attack traffic towards the target. To defend against NTP poisoning attacks, network administrators can implement various measures, such as:

Should I be concerned about NTP Poisoning?

NTP poisoning attacks highlight the importance of securing network services and properly configuring them to prevent abuse by malicious actors.

The NTP Poisoning Attack is very UNCOMMON due to several pieces needing to be in place to execute -

In that scenario, ALL machines on your network would start experiencing clock drift, since I'd assume you're using NTP for your workstations and servers. If you are concerned that an attacker would have the ability to compromise the core network services in your environment, there are several methods to mitigate that risk.

How does Veeam help with NTP poisoning?

What should I do?

Protecting Veeam Backup & Replication against a Network Time Protocol (NTP) attack primarily involves securing your NTP servers and ensuring proper configuration of your Veeam infrastructure. NTP attacks can disrupt the time synchronization, which can lead to backup and replication issues. Here are steps to help protect Veeam against NTP attacks:

An NTP poisoning attack is a type of DDoS attack that exploits vulnerabilities in the Network Time Protocol (NTP). Attackers send fake requests with the target's IP to vulnerable NTP servers, which then flood the target with amplified responses, overwhelming it. To defend against this attack, limit request rates, use access control lists, keep servers updated, monitor network traffic, and employ firewalls/IDS/IPS systems.


By following these steps and regularly reviewing your security measures, you can significantly reduce the risk of NTP attacks affecting your environment. Remember that cybersecurity is an ongoing process, and staying vigilant is crucial to maintaining the security of your infrastructure.