FSMLabs’ TimeKeeper Not Vulnerable to Widespread NTPd DDoS Attack

Austin, TX - 9 April 2014

Time synchronization solution detects abnormal activity and equipment failure immediately 

FSMLabs, provider of software and hardware for high-precision time synchronization and distribution, today announced that customers already protected by TimeKeeper® software are not vulnerable to a timing network based denial of service (DDoS) attack that took down the servers of multiple gaming companies last week. The attack used the common Network Time Protocol daemon (NTPd) software as an entry point to penetrate networks. TimeKeeper provides clients with superior precision, resilience and auditability of their time across the network.

The DDos attack, detailed in a recent CERT security advisory, exploits a management feature left open in free software implementations of the Network Time Protocol (NTP) to “amplify” a flood of data at the target system and to access the network. Companies using public cloud networks, exchanges which, by design, operate using open networks, and firms without a strong trading security infrastructure that includes state of the art network timing technology are vulnerable to this attack. The vulnerability underscores the lack of security measures in default time synchronization software and reinforces the importance of resilient design in network time synchronization.

FSMLabs’ TimeKeeper solution stands up against these attacks by rejecting the malicious request used to perpetrate DDoS attacks in order to prevent dangerous access and intrusion into the network. TimeKeeper is designed with security and fault tolerance in mind, delivering high data integrity, and allowing firms to detect abnormal activity such as GPS spoof attacks, jamming attacks, and equipment failures that can often go unnoticed.

“Cyber criminals are increasingly looking for vulnerability points in network infrastructure and time synchronization, because of its system wide utilization, is a prime target. Financial trading firms, database providers and gaming companies need to take preemptive action,” said Victor Yodaiken, President of FSMLabs. “These attacks underline the urgent need for a resilient and more secure time synchronization solution. FSMLabs’ TimeKeeper is designed from the ground up with the security needs of financial trading and data sensitive industries in mind and is proven to be not vulnerable to this attack whether deployed in the cloud or as a hosted solution.” 

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development