[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
OpenNTPProject.org
- Subject: OpenNTPProject.org
- From: Derek.Andrew at usask.ca (Derek Andrew)
- Date: Mon, 13 Jan 2014 15:13:18 -0600
- In-reply-to: <[email protected]>
- References: <[email protected]>
nmap -sU -pU:123 -Pn -n --script=ntp-monlist serverIP
On Mon, Jan 13, 2014 at 3:07 PM, Jared Mauch <jared at puck.nether.net> wrote:
> Greetings,
>
> With the recent increase in NTP attacks, I wanted to advise the community
> of a few things:
>
> There are about 1.2-1.5 million of these servers out there.
>
> 1) You can search your IP space to find NTP servers that respond to the
> ?MONLIST? queries.
>
> 2) I?ve found some vendors have old embedded versions of NTP including
> ILO/Service Processors and other parts of the ?internet of things?.
>
> 3) You want to upgrade NTP, or adjust your ntp.conf to include ?limited?
> or ?restrict? lines or both. (I defer to someone else to be an expert in
> this area, but am willing to learn :) )
>
> 4) Please prevent packet spoofing where possible on your network. This
> will limit the impact of spoofed NTP or DNS (amongst others) packets from
> impacting the broader community.
>
> 5) Some vendors don?t have an easy way to alter the ntp configuration, or
> have not or won?t be updating NTP, you may need to use ACLs, firewall
> filters, or other methods to block this traffic. I?ve heard of many
> routers being used in attacks impacting the CPU usage.
>
> Take a moment and see if your devices respond to the following
> query/queries:
>
> ntpdc -n -c monlist 10.0.0.1
> ntpdc -n -c loopinfo 10.0.0.1
> ntpdc -n -c iostats 10.0.0.1
>
> 6) If you do VMs/Servers and have a template, please make sure that they
> do not respond to NTP requests.
>
> Thanks!
>
> - Jared
>
--
Copyright 2014 Derek Andrew (excluding quotations)
+1 306 966 4808
Information and Communications Technology
University of Saskatchewan
Peterson 120; 54 Innovation Boulevard
Saskatoon,Saskatchewan,Canada. S7N 2V3
Timezone GMT-6
Typed but not read.