disable monitor ### This was added recently
The fact that you added this recently means that you've got a ton of
people trying to abuse your server to conduct DDoS attacks. I wouldn't
recommend you do anything further for a while. Now that you aren't
vulnerable, you'll drop off the reflection lists in time.
On 2/13/2014 6:41 PM, Nyamul Hassan wrote:
Thank you for the quick response!
We are currently using these base rules:
restrict default limited kod notrap nopeer
restrict 127.0.0.1
server clock.isc.org
server bonehed.lcs.mit.edu
server time.nist.gov
peer xxx1
peer xxx2
peer xxx3
peer xxx4
disable monitor ### This was added recently
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
logconfig all
logfile /var/log/ntp.log
We'll add the "noquery" as you suggested to the top line. Would you have
any other suggestions for us?
Regards
HASSAN
On Fri, Feb 14, 2014 at 5:29 AM, Anssi Johansson <[email protected]> wrote:
Nyamul Hassan wrote:
From the documentation, and all literature that I can find on the internet,
it seems any remote client who needs to talk to our NTP servers on UDP 123
must also originate the request from UDP 123. Considering this, we have
firewalled any traffic for/from UDP 123 on our servers that does not
start/end in UDP 123 on the remote machines.
Could someone confirm if this is correct? Or are we blocking legitimate
requests as well?
You are blocking legitimate requests as well. One example: traffic coming
from behind NAT firewalls. NAT changes the source port to some other port.
Adding "limited kod" to your "restrict default" line in ntp.conf is
usually a rather good countermeasure. I would also suggest adding "noquery"
to that line to prevent the recent NTP amplification attacks.
See http://support.ntp.org/bin/view/Support/AccessRestrictions and
http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using
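The two mitigations the thread converges on are "noquery" (alongside "kod" and "limited") on the "restrict default" line and "disable monitor". The script below is an added example, not code from the thread or from the NTP project: it audits an ntp.conf for those settings and writes out a hardened copy. The sample input is the configuration Hassan posted, reproduced here as constructed input in its "before" state (without the "disable monitor" line, with the redacted peer names kept as placeholders). It goes one step beyond the thread by also expecting "nomodify" on the default line, which is a standard restrict flag that refuses runtime configuration changes; everything else follows the advice given above.

```python
# Added example (not from the thread or the NTP project): audit an ntp.conf
# for the NTP amplification mitigations discussed above and emit a hardened copy.
from typing import Dict, List, Set

# Flags expected on "restrict default". "noquery" refuses mode 6/7 control
# queries such as monlist (the amplification vector); "kod" + "limited"
# rate-limit time requests; "nomodify" is this example's own addition and
# refuses runtime configuration changes; "notrap"/"nopeer" were already set.
RECOMMENDED_DEFAULT_FLAGS: Set[str] = {
    "kod", "limited", "nomodify", "notrap", "nopeer", "noquery",
}

# Constructed sample: the configuration posted in the thread before the
# suggested change, with "disable monitor" left out to show the "before" state.
SAMPLE_CONF = """\
restrict default limited kod notrap nopeer
restrict 127.0.0.1
server clock.isc.org
server bonehed.lcs.mit.edu
server time.nist.gov
peer xxx1
peer xxx2
peer xxx3
peer xxx4
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
logconfig all
logfile /var/log/ntp.log
"""


def parse_ntp_conf(text: str) -> Dict[str, object]:
    """Return restrict flags per target, 'disable' keywords and upstream lines."""
    restricts: Dict[str, Set[str]] = {}
    disabled: Set[str] = set()
    upstream: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        words = line.split()
        keyword = words[0]
        if keyword == "restrict" and len(words) >= 2:
            # "-4"/"-6" options precede the target; flags follow it.
            args = [w for w in words[1:] if not w.startswith("-")]
            target, flags = args[0], args[1:]
            if "mask" in flags:  # "mask x.x.x.x" is a parameter, not a flag
                i = flags.index("mask")
                del flags[i:i + 2]
            restricts[target] = set(flags)
        elif keyword == "disable":
            disabled.update(words[1:])
        elif keyword in ("server", "peer", "pool"):
            upstream.append(line)
    return {"restrict": restricts, "disable": disabled, "upstream": upstream}


def audit(text: str) -> List[str]:
    """List findings relevant to NTP reflection/amplification abuse."""
    conf = parse_ntp_conf(text)
    findings: List[str] = []
    default_flags = conf["restrict"].get("default")
    if default_flags is None:
        findings.append("no 'restrict default' line: every client gets full access")
    else:
        missing = sorted(RECOMMENDED_DEFAULT_FLAGS - default_flags)
        if missing:
            findings.append("restrict default is missing: " + " ".join(missing))
    if "monitor" not in conf["disable"]:
        findings.append("'disable monitor' not set: monlist data is still collected")
    return findings


def harden(text: str) -> str:
    """Return a copy with the recommended default flags and 'disable monitor'."""
    out: List[str] = []
    saw_default = saw_disable_monitor = False
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words and words[0] == "restrict":
            opts = [w for w in words[1:] if w.startswith("-")]
            args = [w for w in words[1:] if not w.startswith("-")]
            if args and args[0] == "default":
                saw_default = True
                flags = set(args[1:]) | RECOMMENDED_DEFAULT_FLAGS
                out.append(" ".join(["restrict"] + opts + ["default"] + sorted(flags)))
                continue
        if words[:2] == ["disable", "monitor"]:
            saw_disable_monitor = True
        out.append(raw)
    if not saw_default:
        out.insert(0, "restrict default " + " ".join(sorted(RECOMMENDED_DEFAULT_FLAGS)))
    if not saw_disable_monitor:
        out.append("disable monitor")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("FINDING:", finding)
    print(harden(SAMPLE_CONF))
```

Running it against the posted configuration reports the missing "noquery" (and "nomodify") on the default line plus the absent "disable monitor", and the hardened output audits clean. Note that "restrict 127.0.0.1" carries no flags on purpose: the local host keeps full access so that ntpq still works from the box itself.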
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool