What's going on with NTP?
Jared Mauch
jared at puck.nether.net
Wed Dec 25 16:58:36 UTC 2013
There have been a lot of NTP reflection attacks recently. Think the same as dns amplification.
Make sure you restrict access and know how to look at the client list.
Jared Mauch
> On Dec 25, 2013, at 10:42 AM, Javier Henderson <javier at kjsl.org> wrote:
>
>
>> On Dec 25, 2013, at 11:35 AM, John Levine <johnl at iecc.com> wrote:
>>
>> I have two FreeBSD servers where the NTP daemons are using double digit CPU
>> percentages today rather than the usual 0.01%. Restarting them didn't help.
>>
>> The clock on my Android phone is five hours slow. (It's not the time zone,
>> I checked that.)
>>
>> Is this just my special Christmas present, or are there screwed up NTP servers?
>
> I suspect your servers are being attacked. Are you seeing a lot of in/out NTP traffic on those FreeBSD servers?
>
> -jav
>
>
More information about the NANOG
mailing list