On 2/12/14, 2:43 PM, Gary Mills wrote: > For those who haven't already heard about this NTP exploit, it begins > with a single UDP packet sent to a computer running the NTP service. > With the default configuration, a monlist query will result in many > packets being returned to the source of the query. All it takes is a > spoofed source address to turn this into a DOS attack. You can read > about it here: > > > http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks > > The solution is here: > > http://support.ntp.org/bin/view/Support/AccessRestrictions > > I'm attaching the changes I made to my ntp.conf to avoid this problem.
Prudent advice, yes, but I can't think of any situation where an openly accessible NTP service on an Internet-facing machine that isn't *specifically* configured to be an NTP server isn't a case of bad admin negligence. *All* Internet-facing machines should be running ipfilters and only open up ports for the services they are designed to provide. Anyway, you're right on the changes to ntp.conf and I have to wonder why this wasn't the default in the ntp package to begin with. Just my two cents... Cheers, -- Saso _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
