Hi all,

Our ntpd version (stable, 2011) contains a feature called 'monlist', which is enabled by default. This feature has recently been abused by huge NTP-amplification DDoS attacks.

However, the vulnerability has only been fixed in the development version, and security firms recommend upgrading to that (at least v4.2.7p26, 03/2010 release, so not really bleeding edge). Another option is to disable the problematic 'monlist' service in our current version by adding the line "disable monitor" to the config file. However, the replacement 'mrulist' functionality is only available in the development release, so just disabling monlist probably cripples operations (I'm not very familiar with NTP).

Given the fact that the stable release hasn't been updated with a fix, I would suggest we start following development releases for NTP, because there are probably other issues lurking in stable. Does anyone object to that? Or does anyone propose a different solution?

http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks

Regards,
Mathijs

_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
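As an added example (not code from the mail above or from the Nix project), here is a small checker that reads an ntp.conf and reports whether the "disable monitor" mitigation the mail proposes is in effect, and whether the default `restrict` line also carries `noquery`, which blocks mode-7 control queries such as monlist from unrestricted clients. The function name and both sample configs are constructed for this illustration.

```python
"""Check an ntp.conf for the monlist mitigations (added example, constructed input)."""


def assess(conf_text):
    """Return a dict describing the monlist exposure of an ntp.conf.

    ntpd enables 'monitor' by default; later enable/disable lines override
    earlier ones, so the last directive wins. A missing `restrict default`
    line means there is no default restriction at all.
    """
    monitor_enabled = True          # ntpd default, as the mail notes
    default_restricts = []          # one flag set per `restrict default` line
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        keyword, args = parts[0], parts[1:]
        if keyword in ('enable', 'disable') and 'monitor' in args:
            monitor_enabled = (keyword == 'enable')
        elif keyword == 'restrict':
            if args and args[0] in ('-4', '-6'):   # address-family prefix
                args = args[1:]
            if args and args[0] == 'default':
                default_restricts.append(set(args[1:]))
    queries_blocked = bool(default_restricts) and all(
        'noquery' in flags for flags in default_restricts)
    return {
        'monitor_enabled': monitor_enabled,
        'queries_blocked': queries_blocked,
        'monlist_exposed': monitor_enabled and not queries_blocked,
    }


# Constructed sample: monitor left at its default, no noquery on the default restriction.
VULNERABLE_CONF = """
server 0.pool.ntp.org
restrict default kod nomodify notrap nopeer
"""

# Constructed sample: the line proposed in the mail, plus noquery on the default restriction.
HARDENED_CONF = """
server 0.pool.ntp.org
disable monitor
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""

if __name__ == '__main__':
    for name, conf in (('vulnerable', VULNERABLE_CONF), ('hardened', HARDENED_CONF)):
        print(name, assess(conf))
```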
