[Pool] DDOS using my ntp server

Klaus Hartnegg Klaus.Hartnegg at BlickZentrum.de
Sun Dec 29 23:09:38 UTC 2013


On 05.11.2013 04:54, Justin wrote:
 > received an abuse email today. Basically, my server was DDOS someone
 > else, ntp reflection attack.

Symantec has noticed ntp reflection attacks in the last few weeks:
http://isc.sans.edu/diary/NTP+reflection+attack/17300

They say that the attackers use the monlist command like in
ntpdc –n –c monlist 127.0.0.1

The protection is to add 'disable monitor' to /etc/ntp.conf.

My ntp server (ubuntu, probably 10.04) does not answer to monlist.

Klaus


More information about the pool mailing list