I use the following iptables rule to drop those monlist pakets on my gatways
<<
-A INPUT -p udp -dport 123 -m u32 --u32 0x0>>0x16&0x3c@0x8&0xff=0x2a -j DROP
>>
should drop all NTP pakets with request code 42
Am 13.02.2014 09:52, schrieb Terje Mathisen:
David Woolley wrote:
On 12/02/14 21:43, Terje Mathisen wrote:
David Woolley wrote:
In this article, which also appeared in the paper version this
morning, they suggest that normal NTP time requests result in a much
larger response than the request.
http://metro.co.uk/2014/02/11/the-start-of-ugly-things-to-come-hackers-flood-european-servers-in-biggest-computer-attack-of-its-kind-4300395/
There was no comment section for that article and no documented way to
reach the author so I gave up on sending in a correction. :-(
I thought I found a comment box, but you needed to be signed up with a
social networking service to use it.
In any case, the problem in getting anything actually printed is that
you have to write it in a way that is interesting to the non-technical.
I already wrote such a comment for the Slashdot article about the same
issue:
http://slashdot.org/comments.pl?sid=4776427&cid=46215895
Terje
_______________________________________________
questions mailing list
[email protected]
http://lists.ntp.org/listinfo/questions
