Here is the original article from Symantec http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks
I used the following command within the article to test my server:

    ntpdc -c monlist [hostname]

If you are not vulnerable, you should receive a 'no response' error.

Stuart Berry

On 30 Dec 2013, at 21:38, "Max Grobecker" <[email protected]> wrote:

Hi,

I *think* my server is not vulnerable, but I would like to make sure it is not.
Is there an "official" list outside with some commands to test against the servers?
I think this would help some people hardening their setups...
(With "some people" I'm including me, too ;-) )

Greetings from Wuppertal
Max

On 30.12.2013 22:11, Brian Rak wrote:

If anyone is running a pool server, and has not disabled querying in some way (noquery, disable monitor, NTPD upgrade, etc), please do so ASAP.

We were hit with multiple 40+ gbps attacks over the weekend, all using NTP reflection. This has become a critical issue, and running your server with query enabled is actively harming other machines on the internet. NTP pool machines could be some of the worst offenders, as your monlist output is going to be very large (as compared to a machine that's just a client).

Please, take a few minutes and verify that you are not vulnerable to this.

Can we get this information added to the pool configuration recommendations? http://www.pool.ntp.org/join/configuration.html

On 12/29/2013 8:08 PM, Ask Bjørn Hansen wrote:

Adding "noquery" to the default restrict line should work, too.

_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
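
An added example, not part of the thread or of the NTP project's code: a small audit of ntp.conf text for the two configuration mitigations named above, "noquery" on the default restrict line and "disable monitor". The function name audit_ntp_conf and the sample configurations are constructed for illustration.

```python
# Added example (not from the thread): audit ntp.conf text for the two
# mitigations the posts name, "noquery" on restrict default and "disable monitor".
QUERY_BLOCKERS = {"noquery", "ignore"}  # restrict flags that refuse ntpdc/ntpq queries

def audit_ntp_conf(text):
    """Return (exposed, findings); exposed means monlist may be answered."""
    monitor_disabled = False
    defaults = []  # (address family, flag set) per "restrict [-4|-6] default" line
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if not tokens:
            continue
        keyword, args = tokens[0], tokens[1:]
        if keyword in ("disable", "enable") and "monitor" in args:
            monitor_disabled = keyword == "disable"
        elif keyword == "restrict":
            family = "any"
            if args and args[0] in ("-4", "-6"):
                family, args = args[0], args[1:]
            if args and args[0] == "default":
                defaults.append((family, set(args[1:])))
    findings = [f"restrict default ({fam}) lacks noquery"
                for fam, flags in defaults if not flags & QUERY_BLOCKERS]
    if not defaults:
        findings.append("no restrict default line, queries accepted from anywhere")
    exposed = bool(findings) and not monitor_disabled
    if exposed:
        findings.append("monitor facility is not disabled")
    return exposed, findings

# Constructed sample configurations, not taken from any real server.
WEAK_CONF = """\
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer   # no noquery
restrict 127.0.0.1
server 0.pool.ntp.org iburst
"""
HARDENED_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
"""
MONITOR_OFF_CONF = "disable monitor\nrestrict default kod nomodify notrap nopeer\n"
HALF_CONF = "restrict default noquery\nrestrict -6 default nomodify notrap\n"

if __name__ == "__main__":
    for name in ("WEAK_CONF", "HARDENED_CONF", "MONITOR_OFF_CONF", "HALF_CONF"):
        print(name, audit_ntp_conf(globals()[name]))
```

This only reads the configuration; the ntpdc test quoted above remains the check of what the running server actually answers.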
