Fwd: port 123 reflection attacks

• Previous message (by thread): Fwd: port 123 reflection attacks
• Next message (by thread): Level3 DNS not resolving for our domains
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> - be sure ntpd is properly configured

to be explicit, test it

     % ntpdc -n -c monlist psg.com    
     psg.com: timed out, nothing received
     ***Request timed out

this is the desired result.  any real response means the host is open
to be a reflector

fwiw, i got caught last week.  a debien vm had been brought up using
dhcp, and the /var/lib/ntp/ntp.conf.dhcp was still there after the host
was reconfigured to static.  took me a while to find it.  embarrassing.
my ntp.yml playbook now has as it's first task

    - name: remove dhcpd artifact
      file: path=/var/lib/ntp/ntp.conf.dhcp state=absent

randy

• Previous message (by thread): Fwd: port 123 reflection attacks
• Next message (by thread): Level3 DNS not resolving for our domains
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]