Fwd: port 123 reflection attacks
Randy Bush
randy at psg.com
Thu Dec 31 02:16:07 UTC 2015
> - be sure ntpd is properly configured
to be explicit, test it
% ntpdc -n -c monlist psg.com
psg.com: timed out, nothing received
***Request timed out
this is the desired result. any real response means the host is open
to be a reflector
fwiw, i got caught last week. a Debian vm had been brought up using
dhcp, and the /var/lib/ntp/ntp.conf.dhcp was still there after the host
was reconfigured to static. took me a while to find it. embarrassing.
my ntp.yml playbook now has as its first task
- name: remove dhcpd artifact
  file: path=/var/lib/ntp/ntp.conf.dhcp state=absent
randy
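An added example, not code from Randy's post, that models the Debian behaviour behind the story above: Debian's ntp init script (assumed here, not stated in the post) hands /var/lib/ntp/ntp.conf.dhcp to ntpd in preference to /etc/ntp.conf whenever the artifact exists, so the script reports which file ntpd will actually load and whether that file's `restrict` / `disable monitor` lines still leave monlist answerable. The sample configs embedded in it are constructed.

```python
"""Audit an ntpd configuration for monlist exposure.

Added example, not code from the original post. Assumes Debian's ntp init
script behaviour: if /var/lib/ntp/ntp.conf.dhcp exists it is passed to ntpd
with -c and /etc/ntp.conf is ignored, so a stale DHCP artifact overrides it.
"""
import os
import shlex
import sys

DHCP_CONF = "/var/lib/ntp/ntp.conf.dhcp"   # written by the dhclient hook
STATIC_CONF = "/etc/ntp.conf"
SAMPLE_DHCP = "server 192.0.2.1\n"         # constructed: what the hook leaves behind
SAMPLE_STATIC = ("restrict default kod nomodify notrap nopeer noquery\n"   # constructed
                 "restrict 127.0.0.1\nserver 0.debian.pool.ntp.org iburst\n")


def effective_conf(dhcp_conf=DHCP_CONF, static_conf=STATIC_CONF,
                   exists=os.path.exists):
    """Return the file Debian's ntpd will actually load (artifact wins)."""
    return dhcp_conf if exists(dhcp_conf) else static_conf


def monlist_exposed(conf_text):
    """True if this config would answer mode-7 monlist from arbitrary hosts.

    Safe only with 'disable monitor', or when every 'restrict default' line
    (incl. -4/-6 forms) carries 'noquery' or 'ignore'. No default restriction
    counts as exposed; per-network restrict lines are not modelled (conservative).
    """
    defaults = open_defaults = 0
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)   # drops '#' comments
        if tokens[:1] == ["disable"] and "monitor" in tokens:
            return False
        if tokens[:1] == ["restrict"]:
            args = [t for t in tokens[1:] if t not in ("-4", "-6")]
            if args[:1] == ["default"]:
                defaults += 1
                if not {"noquery", "ignore"} & set(args[1:]):
                    open_defaults += 1
    return defaults == 0 or open_defaults > 0


if __name__ == "__main__":
    for label, text in (("dhcp sample", SAMPLE_DHCP), ("static sample", SAMPLE_STATIC)):
        print(f"{label}: {'EXPOSED' if monlist_exposed(text) else 'ok'}")
    path = sys.argv[1] if len(sys.argv) > 1 else effective_conf()
    if os.path.exists(path):   # live check of the file ntpd on this host loads
        with open(path) as fh:
            print(f"{path}: {'EXPOSED' if monlist_exposed(fh.read()) else 'ok'}")
```

Run it with no arguments on a Debian host to see which file ntpd would load and its verdict, or pass a config path to audit a file directly.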