Thanks again.
Justin
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
I have two machines that participate in the ntp pool project, and I
received an abuse email today. Basically, my server was DDOSing someone
else, an ntp reflection attack. Obviously that is not something I want to
do. By default my ntp server allows any that connect to port 123.
These ddos were sending the responses back to someone's port 80, which
is causing me the headache. My first step will be to lock the ntp down
to port 123 and ports above 1024 for people behind a nat. I was also
going to place an iptables rate limit. Is there anything else I should be
doing? I have read about the restrict limited and discard statement in
ntp.conf, but I'm not sure if that will help here. All my solutions have
been outside ntp.conf, so I know I have to be overlooking something. I
have never had problems with aggressive clients or ntp reflection dos
before. I also really do not care about aggressive clients even now.
The system particulars: Ubuntu 13.10/x86, which uses ntp
4.2.6.p5+dfsg-3ubuntu2. Any assistance is welcomed.
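
An added sketch, not part of the original message and not code from ntpd or iptables, of the two filters the message proposes: the source-port restriction and a per-source rate limit, run over constructed packet records. The rate, burst size, addresses and all function names are assumptions chosen for illustration.

```python
# Added illustration: the message's two filters applied to constructed packets.

# Constructed sample: (time in seconds, claimed source IP, UDP source port).
# Addresses are documentation ranges; in a reflection attack the source is spoofed.
PACKETS = [
    (0.0, "198.51.100.7", 123),     # another NTP server
    (0.1, "203.0.113.9", 80),       # spoofed: the reply would go to port 80
    (0.2, "203.0.113.9", 80),
    (0.3, "192.0.2.44", 40211),     # ordinary client behind a NAT
    (1.0, "203.0.113.50", 53124),   # burst claiming one source address
    (1.1, "203.0.113.50", 53124),
    (1.2, "203.0.113.50", 53124),
    (1.3, "203.0.113.50", 53124),
    (1.4, "203.0.113.50", 53124),
    (10.0, "203.0.113.50", 53124),  # same source after a quiet period
]

def port_allowed(sport):
    """Source-port policy from the message: 123, or above 1024."""
    return sport == 123 or sport > 1024

class SourceLimiter:
    """Token bucket per claimed source IP (assumed parameters, not ntpd's)."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.state = {}  # ip -> (tokens left, time last seen)

    def allow(self, ip, now):
        tokens, last = self.state.get(ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        ok = tokens >= 1.0
        self.state[ip] = (tokens - 1.0 if ok else tokens, now)
        return ok

def filter_requests(packets, rate=1.0, burst=3):
    """Return one verdict per packet: accept, drop-port or drop-rate."""
    limiter = SourceLimiter(rate, burst)
    verdicts = []
    for ts, ip, sport in packets:
        if not port_allowed(sport):
            verdicts.append("drop-port")   # never answered, so nothing is reflected
        elif not limiter.allow(ip, ts):
            verdicts.append("drop-rate")   # caps replies sent toward one address
        else:
            verdicts.append("accept")
    return verdicts

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, filter_requests(PACKETS)):
        print(pkt, verdict)
```

The port filter alone removes the port-80 traffic described in the message; the per-source limit bounds what a spoofed request stream from an allowed port can make the server send to any single address.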
- [Pool] DDOS using my ntp server Justin
