Recently misconfigured or outdated NTP servers have been used in DDoS attacks aganist various organizations. This is not only a threat to the victim of the attack but also, bandwidth overage charges will apply if your server is participating in attacks without your knowledge.
What is NTP?
How is it being used offensively?
If you are reading this article then your server has likely been identified as an older or misconfigured version of NTP and is vulnerable to misusage.
How can I resolve this issue?
- Update to the latest version of NTPD (4.2.7, which does not use the ‘monlist’ command)
- Firewall UDP port 123
- Click the Cymru template below for more OS specific information
How can I check if this is fixed afterwards?
- From an untrusted Linux/Unix based machine you can do this:
- [root@server ~]# ntpdc -c monlist IPADDRESS
- Or you may ask any staff at Superb Tech support to check this for you
If you get a response from the IP from an untrusted source, this service is still misconfigured. If you get a timeout, the issue has been resolved.