[ntp:questions] Bounce attack via pool server

David Lord snews at lordynet.org
Mon Dec 23 14:38:13 UTC 2013


Jure Sah wrote:
> Hello,
> 
> I am an administrator of a public NTP server joined to "pool.ntp.org".
> Our server has recently been an unwilling party to an NTP UDP based
> bounce attack and we have received the report attached below.
> 
> I would like to continue offering my server in the pool, but I would
> also like to secure my server configuration to prevent such attacks in
> the future. I am unsure as to what exactly to do, as some of what is
> suggested below (for example, turning off UDP support on the time
> server) would most likely result in problems for pool users, if not
> invalidate my NTP server for use in the pool altogether. I would like
> my server to still be as useful as possible for everybody.
> 
> I am using ntpd version 4.2.6p3. I have searched through the
> www.pool.ntp.org website on the subject and could not find any general
> recommendation for a secure setup, however I might not have been
> looking in the right places.
> 
> Could anyone please help?

I've recently added noquery to my ntp.conf:

restrict default limited kod nomodify notrap nopeer noquery

Other suggestions are that kod might be a bad idea.


David


> 
> LP,
> Jure
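
An added example, not part of the original messages: a small Python check that reads an ntp.conf and reports every "restrict default" line that lacks the noquery flag shown in the reply above. The sample configuration is constructed, and the function names are this example's own.

```python
# Audit ntp.conf "restrict default" entries for the noquery flag.
# noquery makes ntpd deny ntpq/ntpdc queries; time service is not affected.
REQUIRED = ("noquery",)

# Constructed sample input, not taken from any real server.
SAMPLE = """\
# constructed sample ntp.conf
driftfile /var/lib/ntp/ntp.drift
restrict -4 default kod nomodify notrap nopeer   # no noquery
restrict -6 default limited kod nomodify notrap nopeer noquery
restrict 127.0.0.1
server 0.pool.ntp.org iburst
"""

def parse_restrict(line):
    """Return (address, flags) for a restrict directive, or None."""
    tokens = line.split("#", 1)[0].split()      # drop trailing comments
    if not tokens or tokens[0].lower() != "restrict":
        return None
    tokens = [t.lower() for t in tokens[1:]]
    if tokens and tokens[0] in ("-4", "-6"):    # address-family qualifier
        tokens = tokens[1:]
    if not tokens:
        return None
    addr, rest = tokens[0], tokens[1:]
    if rest and rest[0] == "mask":              # skip "mask <netmask>"
        rest = rest[2:]
    return addr, set(rest)

def audit(conf_text):
    """Return [(line_number, [missing flags])]; line 0 = no default entry."""
    findings, seen_default = [], False
    for n, line in enumerate(conf_text.splitlines(), 1):
        parsed = parse_restrict(line)
        if parsed is None or parsed[0] != "default":
            continue
        seen_default = True
        flags = parsed[1]
        if "ignore" in flags:                   # drops all packets, queries too
            continue
        missing = [f for f in REQUIRED if f not in flags]
        if missing:
            findings.append((n, missing))
    if not seen_default:                        # nothing restricts unknown hosts
        findings.append((0, list(REQUIRED)))
    return findings

if __name__ == "__main__":
    for lineno, missing in audit(SAMPLE):
        print(f"line {lineno}: default restriction lacks {', '.join(missing)}")
```
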


