Recently misconfigured or outdated NTP servers have been used in DDoS attacks aganist various organizations. This is not only a threat to the victim of the attack but also, bandwidth overage charges will apply if your server is participating in attacks without your knowledge. 

What is NTP?

http://en.wikipedia.org/wiki/Network_Time_Protocol

How is it being used offensively?

http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks

If you are reading this article then your server has likely been identified as an older or misconfigured version of NTP and is vulnerable to misusage. 

How can I resolve this issue?

  • Update to the latest version of NTPD (4.2.7, which does not use the ‘monlist’ command)
  • Firewall UDP port 123
  • Click the Cymru template below for more OS specific information

How can I check if this is fixed afterwards?

  • From an untrusted Linux/Unix based machine you can do this:
    • [root@server ~]# ntpdc -c monlist IPADDRESS
  • Or you may ask any staff at Superb Tech support to check this for you

If you get a response from the IP from an untrusted source, this service is still misconfigured. If you get a timeout, the issue has been resolved.