[Pool] DDoS Type Attack
timekeeper at miuku.net
Thu Feb 13 23:29:57 UTC 2014
Nyamul Hassan kirjoitti:
> From the documentation, and all literature that I can find on the internet,
> it seems any remote client who needs to talk to our NTP servers on UDP 123,
> must also originate the request from UDP 123. Considering this, we have
> firewalled any traffic for/from UDP 123 on our servers that does not
> start/end in UDP 123 on the remote machines.
> Could someone confirm if this is correct? Or are we blocking legitimate
> requests as well?
You are blocking legitimate requests as well. One example: traffic
coming from behind NAT firewalls. NAT changes the source port to some
Adding "limited kod" to your "restrict default" line in ntp.conf is
usually a rather good countermeasure. I would also suggest adding
"noquery" to that line to prevent the recent NTP amplification attacks.
See http://support.ntp.org/bin/view/Support/AccessRestrictions and
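The restrict lines the reply recommends, written out as an added ntp.conf fragment (not taken from the thread or from the pool project); the commented-out "before" line and the IPv6 and localhost entries are assumptions about a typical pool server setup:

```conf
# Before: any client may query status (monlist etc.) and there is no rate limit.
# restrict default nomodify notrap nopeer

# After: rate-limit clients ("limited"), tell over-limit clients to back off
# with Kiss-o'-Death packets ("kod"), and refuse ntpq/ntpdc queries ("noquery").
# Ordinary time requests still work, whatever source port they arrive from.
restrict default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery

# The local host keeps full access for ntpq on the box itself.
restrict 127.0.0.1
restrict -6 ::1

# Upstream servers we sync from may not modify or query us either.
restrict source nomodify notrap noquery
```

Note that "noquery" blocks only the mode 6/7 control queries used for amplification, not normal client time requests, so it is safe on a public pool server.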