Recently, misconfigured or outdated NTP servers have been used in DDoS attacks against various organizations. This is a threat not only to the victim of the attack: bandwidth overage charges will also apply if your server is participating in attacks without your knowledge.
What is NTP?
http://en.wikipedia.org/wiki/Network_Time_Protocol
How is it being used offensively?
If you are reading this article, then your server has likely been identified as running an older or misconfigured version of NTP and is vulnerable to misuse.
How can I resolve this issue?
- Update to the latest version of NTPD (4.2.7, which does not use the ‘monlist’ command)
- Firewall UDP port 123
- Click the Cymru template below for more OS-specific information
How can I check if this is fixed afterwards?
- From an untrusted Linux/Unix based machine you can do this:
    [root@server ~]# ntpdc -c monlist IPADDRESS
- Or you may ask any staff at Superb Tech support to check this for you
If the IP responds to this query from an untrusted source, the service is still misconfigured. If the query times out, the issue has been resolved.
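To repeat this check across several of your own servers, the following added example (not part of the original article) wraps the ntpdc command above and classifies each result. The function names and sample outputs are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): interpret the result of
# "ntpdc -c monlist" for each host passed on the command line.
# Function and variable names are hypothetical.

# Constructed sample outputs, modelled on what ntpdc prints.
SAMPLE_OPEN='remote address          port local address      count m ver rstr avgint  lstint
===============================================================================
192.0.2.50             123 192.0.2.10          12 3 4      0     64       3'
SAMPLE_TIMEOUT='192.0.2.10: timed out, nothing received
***Request timed out'

# classify_monlist TEXT
# OPEN   = a monlist table came back, so the service still answers untrusted hosts
# CLOSED = the query timed out, which the article treats as fixed
# REVIEW = anything else; read the raw output by hand
classify_monlist() {
    case "$1" in
        *"remote address"*) echo OPEN ;;
        *"timed out"*)      echo CLOSED ;;
        *)                  echo REVIEW ;;
    esac
}

# check_monlist HOST: run the article's command and classify its output.
check_monlist() {
    if ! command -v ntpdc >/dev/null 2>&1; then
        echo "ntpdc is not installed" >&2
        return 2
    fi
    out=$(ntpdc -n -c monlist "$1" 2>&1)
    classify_monlist "$out"
}

# Check every server you administer that was passed as an argument.
for host in "$@"; do
    printf '%s %s\n' "$host" "$(check_monlist "$host")"
done
```

Run it from a machine outside the server's trusted networks, passing your own server addresses as arguments; a host reported as OPEN still needs the fixes listed above.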