This information is provided via the ‘monlist’ command. The NTP service supports a monitoring service that allows administrators to query the server for traffic counts of connected clients. NTP Monlist Flood – The NTP Amplification attack is an emerging form of DDoS attacks that relies on the use of publically accessible NTP servers to overwhelm a victim’s system with UDP traffic.Like other reflective attacks, the attacker spoofs the IP address of the SNMP query and sends the malformed packets to a number of devices, resulting in a very large response being sent to the victim’s device. SNMP – A SNMP amplification attack is a sophisticated denial-of-service attack that takes advantage of the Simple Network Management Protocol(SNMP), an everyday protocol found in a number of devices including routers, printers and switches, in order to amplify an attack.This results in replies from the DNS servers, usually so big that they need to be split over several packets. During the DoS attack, the attacker sends DNS queries that request the entire list of DNS records for that domain. Second, the attacker finds an Internet domain that is registered with many DNS records.
First, the attacker spoofs the IP address of the DNS resolver and replaces it with the victim’s IP address, so all DNS replies will be sent to the victim’s servers.