ddos attack blog

Mark Tinka mark.tinka at seacom.mu
Fri Feb 14 08:10:37 UTC 2014


On Friday, February 14, 2014 03:01:27 AM Jared Mauch wrote:

> I would actually like to ask for those folks to un-block
> NTP so there is proper data on the number of hosts for
> those researching this.  The right thing to do is
> reconfigure them.  I've seen a good trend line in NTP
> servers being fixed, and hope we will see more of that
> in the next few weeks.

Depending on your OS, the fixes can be quite simple or 
interesting.

On my FreeBSD servers, simply updating with "freebsd-update" 
was enough to fix the issue (in addition to limiting 
who/what can access the service).

On Cisco devices, the ACLs you can attach to the NTP 
process are quite effective.

On Juniper devices, it is less intuitive, and even though 
NTP is enabled only as a client, it, sadly, runs the server 
as well. A firewall filter helps here when applied 
correctly.

Can't speak to other OSes.

Mark.


More information about the NANOG mailing list