[ntp:questions] better rate limiting against amplification attacks?

Steve Kostecke kostecke at ntp.org
Wed Jan 15 12:47:41 UTC 2014


On 2014-01-15, David Woolley wrote:

> On 27/12/13 10:24, Rob wrote:
>
>> There are more and more amplification attacks against ntp servers,
>> similar to those against open DNS resolvers. A small packet sent with
>> a spoofed source address (allowed by a lame ISP) results in a large
>> reply from ntpd, sent to the victim of the attack.
>
> CERT have just issued an alert about the monlist attack:
><https://www.us-cert.gov/ncas/alerts/TA14-013A> (TA14-013A: NTP
>Amplification Attacks Using CVE-2013-5211). The advice is upgrade or
>use restrict.

Upgrade _or_ use noquery _or_ disable monitor

Information at http://support.ntp.org/security

-- 
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/



More information about the questions mailing list