What's going on with NTP?

David Ford david at blue-labs.org
Wed Dec 25 18:37:36 UTC 2013


On 12/25/2013 11:35 AM, John Levine wrote:
> I have two FreeBSD servers where the NTP daemons are using double digit CPU
> percentages today rather than the usual 0.01%.  Restarting them didn't help.
>
> The clock on my Android phone is five hours slow.  (It's not the time zone,
> I checked that.)
>
> Is this just my special Christmas present, or are there screwed up NTP servers?
>
> Regards,
> John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
> Please consider the environment before reading this e-mail. http://jl.ly
>

You probably need to configure them correctly with:

restrict default ignore

and add additional restrict lines if you have need for other legitimate
servers to make contact with them. I suspect right now you're providing
an ntp amplification attack to the spoofed source address.

-david
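
An added example, not part of the message above: a small audit of ntp.conf text for the policy the reply recommends, which also flags upstream servers that lack their own restrict line once the default is `ignore`. The function name `audit`, the sample configurations, and the 192.0.2.x addresses are constructed for illustration.

```python
# Added example: audit ntp.conf text against a default-deny restrict policy.
# Assumption: addresses are compared as literal strings; "mask" ranges and
# hostname resolution are not evaluated.

# Constructed sample: no restrict lines at all.
SAMPLE_OPEN = """\
server 192.0.2.10 iburst
server 192.0.2.11 iburst
"""

# Constructed sample: default-deny, but one upstream lacks its exception.
SAMPLE_LOCKED = """\
restrict default ignore
restrict -6 default ignore
restrict 127.0.0.1
restrict 192.0.2.10 nomodify notrap noquery
server 192.0.2.10 iburst
server 192.0.2.11 iburst
"""

def audit(conf_text):
    """Return a list of findings for the restrict policy in conf_text."""
    defaults, allowed, upstreams = [], set(), []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop comments
        args = [t for t in tok[1:] if t not in ("-4", "-6")]
        if not args:
            continue
        if tok[0] == "restrict":
            flags = set(args[1:])
            if args[0] == "default":
                defaults.append(flags)
            elif "ignore" not in flags:
                allowed.add(args[0])                # explicit exception
        elif tok[0] in ("server", "peer"):
            upstreams.append(args[0])
    if not defaults:
        return ["no 'restrict default' line: unknown sources are unrestricted"]
    if any("ignore" not in flags for flags in defaults):
        return ["a 'restrict default' line lacks 'ignore'"]
    # Under default ignore, replies from upstreams without their own
    # restrict line are dropped too, so the daemon cannot sync to them.
    return [f"{u} has no restrict line; its replies are dropped"
            for u in upstreams if u not in allowed]

if __name__ == "__main__":
    for name, text in (("open", SAMPLE_OPEN), ("locked", SAMPLE_LOCKED)):
        print(name, audit(text))
```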



