What's going on with NTP?

Jared Mauch jared at puck.nether.net
Wed Dec 25 16:58:36 UTC 2013


There have been a lot of NTP reflection attacks recently. Think the same as dns amplification. 

Make sure you restrict access and know how to look at the client list. 

Jared Mauch

> On Dec 25, 2013, at 10:42 AM, Javier Henderson <javier at kjsl.org> wrote:
> 
> 
>> On Dec 25, 2013, at 11:35 AM, John Levine <johnl at iecc.com> wrote:
>> 
>> I have two FreeBSD servers where the NTP daemons are using double digit CPU
>> percentages today rather than the usual 0.01%.  Restarting them didn't help.
>> 
>> The clock on my Android phone is five hours slow.  (It's not the time zone,
>> I checked that.)
>> 
>> Is this just my special Christmas present, or are there screwed up NTP servers?
> 
> I suspect your servers are being attacked. Are you seeing a lot of in/out NTP traffic on those FreeBSD servers?
> 
> -jav
> 
> 



More information about the NANOG mailing list