[ntp:questions] Bounce attack via pool server

Jure Sah dustwolfy at gmail.com
Mon Dec 23 14:40:41 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On 23. 12. 2013 15:16, Rob wrote:
> The sender of this report does not really have a clue.
> 
> However, you should investigate if your server is or has been
> running unsynchronized.  If it is, it does not belong in the pool.
> 
> If not, maybe it temporarily went unsynchronized due to the heavy 
> network traffic because of the attack? Hopefully you keep enough
> logging and monitoring info to check this.
> 
> Reflection attacks should not really be possible when you change 
> the config as mentioned in the other posting.

Ok thanks. Implemented the fix on my other timeservers as well.

It was probably unsynchronized because of the load, however:
http://www.pool.ntp.org/scores/
...has been showing it as OK troughout all this time.

LP,
Jure

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlK4S2kACgkQB6mNZXe93qiI+wCgvHhAGUaj71qxVNR7LHpDrjTl
mqkAnjgmgTEgB/mhz94qoi7O4/ECZ0Gz
=mVc2
-----END PGP SIGNATURE-----



More information about the questions mailing list