OpenNTPProject.org
Brian Rak
brak at gameservers.com
Mon Feb 17 13:45:32 UTC 2014
Rate limitings been in place for quite some time, but I believe it's
only for actual time queries. This DDOS uses monlist, which isn't
subject to the same rate limits.
You've disabled monlist now, so I bet you'll no longer need all the rate
limiting IPTables rules. (Though, you'll still see the incoming garbage
for awhile, but NTPD will just discard it so it shouldn't cause problems).
On 2/17/2014 2:23 AM, Pete Ashdown wrote:
> On 2/16/14, 7:38 PM, Brian Rak wrote:
>> Seriously, just fix your configuration. The part of NTP being abused
>> is completely unrelated to actually synchronizing time. It's a
>> management query, that has no real reason to be enabled remotely. You
>> don't even need to resort to iptables for this, because NTPD has built
>> in rate limiting (which isn't enabled for management queries, but
>> those are trivial to disable).
> Thanks for the tip, monitoring is off. I was under the impression that
> rate-limiting hadn't made it into a stable version of ntpd yet. Is that
> incorrect?
>
>
More information about the NANOG
mailing list