On 02/03/14 19:31, William Unruh wrote:
> On 2014-03-02, Brian Inglis <[email protected]> wrote:
>> On 2014-03-01 15:43, [email protected] wrote:
>>> My NTP server is part of the pool project and appears to be running fine.
>>> Comcast contacted me about a month ago to let me know that my NTP server was
>>> infected with a bot.  I checked and everything seems to be ok.  I re-enabled my
>>> server about a week ago and I received another phone call last week concerning
>>> security on my network.
>>> I contacted Ask and he said that it was not a bot but an issue with my server
>>> allowing management requests.  I asked Ask how to properly configure my
>>> Meinberg client to not allow management requests because I understand that they
>>> can be problematic.  I know the config for ntpd but I am not sure of the proper
>>> syntax for Meinberg.  Can someone provide me with that info?
>>
>> Banner on http://support.ntp.org links to
>> http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using
>> and recommends restrict default noquery [and possibly other no... options]
>> or you could use restrict default ignore; also add disable monitor.
>
> And why those are not the default I will never know. They should never
> have been on by default -- the problem was obvious 15 years ago, if
> nothing else in giving an attacker knowledge about your system.
> Things which go out to the broad internet should be off by default, and be
> switched on by the user who needs them.
> Just as ntpd does not have a list of servers it uses by default, but I
> guess people running ntp servers got burned by that one 20 years ago.

There is a complete new generation of sys-admins since then.
"well known" among those so skilled in the art does not mean active knowledge amongst users. This might be a lesson to remember.

Cheers,
Magnus

_______________________________________________
questions mailing list
[email protected]
http://lists.ntp.org/listinfo/questions
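
A check for the two settings recommended in the thread above (`noquery` or `ignore` on `restrict default`, plus `disable monitor`), as an added example that is not part of any poster's message. It assumes a standard ntpd-style `ntp.conf`; the function name `audit_ntp_conf` and both sample configurations are constructed for illustration.

```python
WEAK = """\
# constructed sample: default restrictions without noquery
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
restrict default nomodify notrap
restrict 127.0.0.1
"""

HARDENED = """\
# constructed sample: the settings recommended in the thread
server 0.pool.ntp.org iburst
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
disable monitor
"""

def audit_ntp_conf(text):
    """Return findings for 'restrict default' and 'disable monitor' (hypothetical helper)."""
    defaults = []             # (family, flags) for each 'restrict default' line
    monitor_disabled = False
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].lower().split()   # drop comments
        if not words:
            continue
        keyword, args = words[0], words[1:]
        if keyword == "restrict":
            family = "any"
            if args and args[0] in ("-4", "-6"):       # optional address-family selector
                family, args = args[0], args[1:]
            if args and args[0] == "default":
                defaults.append((family, set(args[1:])))
        elif keyword == "disable" and "monitor" in args:
            monitor_disabled = True
    findings = []
    if not defaults:
        findings.append("no 'restrict default' line found")
    for family, flags in defaults:
        # either flag stops the server answering management queries from arbitrary hosts
        if not flags & {"noquery", "ignore"}:
            findings.append(f"restrict default ({family}) lacks noquery/ignore")
    if not monitor_disabled:
        findings.append("'disable monitor' is missing")
    return findings

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_ntp_conf(conf) or "ok")
```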