Which concern is important when monitoring NTP servers for abnormal levels of traffic?
A. Being the cause of a distributed reflection denial of service attack.
B. Users changing the time settings on their systems.
C. A critical server may not have the correct time synchronized.
D. Watching for rogue devices that have been added to the network.
Answer: A – There are many different ways to perform denial-of-service attacks. The oldest method for a distributed DoS attack is using spoofed IP addresses; other DDoS attacks include abusing insecurely configured devices with NTP enabled, or attacks on DNS. NTP- and DNS-based DDoS attacks can be used as force multipliers because they allow the attacker to send a small IP packet to the target victim while the intermediate server sends a large IP packet to the target.
https://searchsecurity.techtarget.com/answer/How-is-distributed-reflection-denial-of-service-different-from-DoS
I would definitely go with C and NOT A.
NTP is a protocol that is designed to synchronize the clocks of computers and network devices (servers) over a network. The whole point of NTP is to ensure accurate timestamp information. As NTP is used to ensure accurate timestamp info, it poses a risk because attackers can falsify the NTP timestamp information and the timestamp advertisement, allowing the attacker to take advantage.
If you’re going to give an answer, at least have an explanation for your answer.
Agree with you that those are true statements, but come on, it is Cisco: choose the most appropriate answer for this test. “Abnormal levels of traffic” is a DoS or DDoS.
Reflected DDoS attacks occur when the sources of the attack are sent spoofed packets that appear to be from the victim, and then the sources become unwitting participants in the DDoS attacks by sending the response traffic back to the intended victim. UDP is often used as the transport mechanism because it is more easily spoofed due to the lack of a three-way handshake. For example, if the attacker (A) decides he wants to attack a victim (V), he will send packets (for example, Network Time Protocol [NTP] requests) to a source (S) that thinks these packets are legitimate. The source then responds to the NTP requests by sending the responses to the victim, who was never expecting these NTP packets from the source.
It says abnormal levels of traffic, so I don't think a critical server would generate that if time is not in sync. Answer is A.
I agree, the UDP-based NTP protocol is prone to amplification attacks because it will reply to a packet with a spoofed source IP address and because at least one of its built-in commands will send a long reply to a short request. That makes it ideal as a DDoS tool.
Ans is: C. A critical server may not have the correct time synchronized.
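The monitoring concern discussed in this thread, as an added example that is not part of the original question or any commenter's post: a check over flow records from an NTP server that flags remote addresses receiving far more bytes than they sent. The record layout, function name, thresholds and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records as seen at an NTP server on UDP/123:
# (timestamp_s, remote_ip, bytes_received_from_ip, bytes_sent_to_ip)
SAMPLE_FLOWS = [
    (0, "192.0.2.10", 48, 48),       # ordinary client: reply same size as request
    (5, "192.0.2.11", 48, 48),
    (10, "203.0.113.5", 48, 4400),   # short request, long reply
    (11, "203.0.113.5", 48, 4400),
    (12, "203.0.113.5", 48, 4400),
    (70, "192.0.2.10", 48, 48),
    (75, "198.51.100.7", 48, 480),   # lopsided, but low volume
]


def find_reflection_targets(flows, window_s=60, min_ratio=5.0, min_bytes_out=2000):
    """Return (window, ip, bytes_in, bytes_out, ratio) for suspect remote IPs.

    An address is flagged when, within one time window, the server sent it
    many more bytes than it received from it (amplification ratio) and the
    outbound volume is high enough to matter. Because the requests may carry
    a spoofed source, a flagged address is a likely victim, not the sender.
    Both thresholds are assumed values and need tuning against a baseline.
    """
    totals = defaultdict(lambda: [0, 0])
    for ts, ip, b_in, b_out in flows:
        bucket = totals[(ts // window_s, ip)]
        bucket[0] += b_in
        bucket[1] += b_out

    suspects = []
    for (window, ip), (b_in, b_out) in totals.items():
        ratio = b_out / max(b_in, 1)  # avoid division by zero
        if ratio >= min_ratio and b_out >= min_bytes_out:
            suspects.append((window, ip, b_in, b_out, round(ratio, 2)))
    return sorted(suspects)


if __name__ == "__main__":
    for window, ip, b_in, b_out, ratio in find_reflection_targets(SAMPLE_FLOWS):
        print(f"window {window}: {ip} in={b_in}B out={b_out}B ratio={ratio}x")
```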