Thanks, Sean and Bill, for the helpful links. The cloudflare.com article offers a link to SANS's ISC site with a very simple tip: just add "disable monitor" to your /etc/ntp.conf file. This works even with ntp-4.2.2p1 on RHEL 5, and is way easier than figuring if/how I can update to 4.2.7, or if Team Cymru's highly locked-down config for simple NTP clients will work OK for a 3 peer stratum 2 config like what I'm using.
Gilles
On 13/02/2014 11:29 PM, Sean Walberg wrote:
Some more technical details: http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplificat...
There's a comment at the bottom to the effect of "there's an even worse problem hiding in SNMP"
Sean
On Wed, Feb 12, 2014 at 5:57 PM, Bill Reid <billreid@shaw.ca> wrote:
Here is an article on the attack.
http://www.informationweek.com/security/attacks-and-breaches/ddos-attack-hits-400-gbit-s-breaks-record/d/d-id/1113787
On 12/02/14 08:17, John Lange wrote:
Does anyone know of a public site which documents the traffic associated with the recent NTP DDOS attacks? I'm trying to see if the attacks correlate to some packet loss we are seeing.
-- John Lange
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
-- Sean Walberg <sean@ertw.com> http://ertw.com/
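A way to check whether a given ntp.conf actually carries the "disable monitor" tip from the top message, as an added example that is not part of the original thread. The function names and the sample config (placeholder hostnames) are constructed here, and the check assumes ntpd applies the last `enable`/`disable` of `monitor` it reads.

```shell
#!/bin/sh
# Added example: audit an ntp.conf for the "disable monitor" setting.

# monitor_state FILE -> prints "disabled", "enabled" or "default".
# Comments are stripped first, so a commented-out line does not count.
# Assumption: the last enable/disable naming "monitor" is the effective one.
monitor_state() {
    awk '
        { sub(/#.*/, "") }
        $1 == "disable" || $1 == "enable" {
            for (i = 2; i <= NF; i++)
                if ($i == "monitor") state = $1 "d"
        }
        END { print (state == "" ? "default" : state) }
    ' "$1"
}

# audit_ntp_conf [FILE] -> 0 if monitoring is disabled, 1 if not, 2 if unreadable.
audit_ntp_conf() {
    conf=${1:-/etc/ntp.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    case $(monitor_state "$conf") in
        disabled) echo "OK: $conf disables monitor"; return 0 ;;
        enabled)  echo "WARN: $conf enables monitor"; return 1 ;;
        *)        echo "WARN: $conf has no 'disable monitor' line (monitoring is on by default)"
                  return 1 ;;
    esac
}

# Constructed sample: a three-peer config with the one-line fix applied.
sample_conf() {
    cat <<'EOF'
driftfile /var/lib/ntp/drift
peer ntp1.example.net
peer ntp2.example.net
peer ntp3.example.net
  disable monitor   # tip from the thread
EOF
}

# Stand-alone demo on the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp" && audit_ntp_conf "$tmp"; rm -f "$tmp"
```

Run `audit_ntp_conf` with no argument to check `/etc/ntp.conf` on the host itself; ntpd must be restarted before a changed config takes effect.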