[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

What's going on with NTP?

Subject: What's going on with NTP?
From: david at blue-labs.org (David Ford)
Date: Wed, 25 Dec 2013 13:37:36 -0500
In-reply-to: <[email protected]>
References: <[email protected]>

On 12/25/2013 11:35 AM, John Levine wrote:
> I have two FreeBSD servers where the NTP daemons are using double digit CPU
> percentages today rather than the usual 0.01%.  Restarting them didn't help.
>
> The clock on my Android phone is five hours slow.  (It's not the time zone,
> I checked that.)
>
> Is this just my special Christmas present, or are there screwed up NTP servers?
>
> Regards,
> John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
> Please consider the environment before reading this e-mail. http://jl.ly
>

you probably need to configure them correctly with:

restrict default ignore

and add additional restrict lines if you have need for other legitimate
servers to make contact with them. i suspect right now you're providing
an ntp amplification attack to the spoofed source address.

-david

References:
- What's going on with NTP?
  - From: johnl at iecc.com (John Levine)

Prev by Date: What's going on with NTP?
Next by Date: Help me make sense of these traceroutes please
Previous by thread: What's going on with NTP?
Next by thread: What's going on with NTP?
Index(es):
- Date
- Thread