Specifically, what kind of requests are these?
Have you confirmed that you are not participating in DDOS attacks via
the monlist command? (check ntpdc -c monlist YOURIP from a remote
machine). If you've only recently corrected the monlist issue, you'll
still receive attack attempts for quite some time.
On 2/13/2014 6:18 PM, Nyamul Hassan wrote:
Hi,
Our public NTP servers have started receiving an inordinate amount of NTP
requests. In order to mitigate the problem, we find that a lot of these
queries are originating from or being sent to ports other than 123.
From the documentation, and all literature that I can find on the internet,
it seems any remote client who needs to talk to our NTP servers on UDP 123,
must also originate the request from UDP 123. Considering this, we have
firewalled any traffic for/from UDP 123 on our servers that does not
start/end in UDP 123 on the remote machines.
Could someone confirm if this is correct? Or are we blocking legitimate
reqeusts as well?
Regards
HASSAN
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
