Thanks, Sean and Bill, for the helpful links. The cloudflare.com article offers a link to SANS's ISC site with a very simple tip: just add "disable monitor" to your /etc/ntp.conf file. This works even with ntp-4.2.2p1 on RHEL 5, and is way easier than figuring if/how I can update to 4.2.7, or if Team Cymru's highly locked-down config for simple NTP clients will work OK for a 3 peer stratum 2 config like what I'm using.

Gilles

On 13/02/2014 11:29 PM, Sean Walberg wrote:
Some more technical details: http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplificat...
There's a comment at the bottom to the effect of "there's an even worse problem hiding in SNMP"
Sean
On Wed, Feb 12, 2014 at 5:57 PM, Bill Reid <billreid@shaw.ca> wrote:
Here is an article on the attack.
http://www.informationweek.com/security/attacks-and-breaches/ddos-attack-hit...
On 12/02/14 08:17, John Lange wrote:
Does anyone know of a public site which documents the traffic associated with the recent NTP DDOS attacks?
I'm trying to see if the attacks correlate to some packet loss we are seeing.
-- John Lange
_______________________________________________
Roundtable mailing list
Roundtable@muug.mb.ca
http://www.muug.mb.ca/mailman/listinfo/roundtable
-- Sean Walberg <sean@ertw.com> http://ertw.com/
--
Gilles R. Detillieux              E-mail: <grdetil@scrc.umanitoba.ca>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 0J9  (Canada)
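
An added example (not part of the thread, and not code from any site the posters link to): a small Python audit of an ntp.conf body for the "disable monitor" fix described in the message above. The sample configs are constructed, and the `noquery` and `limited` handling goes beyond the single line the message mentions, following ntpd's documented restrict flags.

```python
# Constructed sample configs for illustration (not taken from the thread).
SAMPLE_OPEN = """\
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
server 0.pool.ntp.org
"""
SAMPLE_FIXED = SAMPLE_OPEN + "disable monitor   # the tip from the thread\n"
SAMPLE_LIMITED = "restrict default limited kod nomodify\ndisable monitor\n"
SAMPLE_NOQUERY = "restrict default kod nomodify notrap nopeer noquery\n"


def audit_ntp_conf(text):
    """Report whether an ntp.conf body leaves monlist data reachable."""
    monitor = True     # ntpd enables the monitoring facility by default
    limited = False    # any 'restrict ... limited' line seen
    defaults = []      # per 'restrict default' line: does it carry noquery?
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments
        if not words:
            continue
        cmd, args = words[0].lower(), [w.lower() for w in words[1:]]
        if cmd in ("enable", "disable") and "monitor" in args:
            monitor = cmd == "enable"          # last statement wins
        elif cmd == "restrict":
            limited = limited or "limited" in args
            if "default" in args:
                defaults.append("noquery" in args)
    # ntpd's access-control docs: monitoring stays active while any
    # restrict entry uses 'limited', regardless of 'disable monitor'.
    monitoring_active = monitor or limited
    # With no default restrict line, or one lacking noquery, ntpq/ntpdc
    # queries are answered for any source address.
    queries_open = not defaults or not all(defaults)
    return {
        "monitoring_active": monitoring_active,
        "queries_open": queries_open,
        "monlist_exposed": monitoring_active and queries_open,
    }


if __name__ == "__main__":
    for name in ("SAMPLE_OPEN", "SAMPLE_FIXED", "SAMPLE_LIMITED", "SAMPLE_NOQUERY"):
        print(name, audit_ntp_conf(globals()[name]))
```

To check a live host, pass the contents of /etc/ntp.conf to `audit_ntp_conf`; the result only reflects the file, so restart ntpd after editing before relying on it.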