The Network Time Protocol (NTP) Reflection attack exploits a timing mechanism that underpins a way the internet works to greatly amplify the power of what would otherwise be a small and ineffective assault.
via World’s largest DDoS strikes US, Europe – Security – Technology – News – iTnews.com.au.
The OpenNTPProject can help administrators determine if their servers are vulnerable.
Last July 1, that scenario became real as the “Leap Second” bug caused many Linux servers to get stuck in a loop, endlessly checking the date and time. At the Internet’s busiest data centers, power usage almost instantly spiked by megawatts, stress-testing the facility’s power load and the user’s capacity planning.
via A Storm of Servers: How the Leap Second Led Facebook to DCIM.
What was happening? The additional second caused particular problems for Linux systems that use the Network Time Protocol (NTP) to synchronize their systems with atomic clocks. The leap second caused these systems to believe that time had “expired,” triggering a loop condition in which the system endlessly sought to check the date, spiking CPU usage and power draw.
THE WORKAROUND
Ok people, here’s how I worked around it.
- disabled ntp: /etc/init.d/ntp stop
- created http://linux.brong.fastmail.fm/2012-06-30/fixtime.pl (code stolen from Marco, see blog posts in comments)
- ran fixtime.pl without an argument to see that there was a leap second set
- ran fixtime.pl with an argument to remove the leap second