Securing NTP
  • 08 Feb 2023


Following on from DNS amplification DDoS attacks, NTP services have more recently been used for amplification DDoS attacks that reflect traffic against other networks.
There are two major issues: "Monlist" and "Readvar".
Below are some basic steps to reduce the effectiveness of these kinds of attacks by locking down the default restrictions within the configuration. Further reading is available at the URLs below:
NTP-Version
NTP-Monitor

Within ntpd on *nix

To resolve most issues, add the lines below to /etc/ntp.conf. (This should resolve both the monlist and readvar issues.)

restrict default ignore

disable monitor

disable bclient

Then restart the ntpd service (or ntp on some OSes).
To test that this has worked, you can run the following queries from a remote Linux machine:

Readvar:

ntpq -c rv [ip]

Monlist:

ntpdc -n -c monlist [ip]

Expect a "connect timeout" error if you have successfully secured the NTP service.
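
A local check that can be run against /etc/ntp.conf before restarting the service, added here as an example and not part of the original article. The function name audit_ntp_conf is hypothetical. Reporting `enable` lines and `restrict default` lines without `ignore` as items to review is this example's own conservative choice.

```shell
#!/bin/sh
# Added example: audit_ntp_conf is a hypothetical helper, not part of ntpd.
# Prints one finding per line; returns 0 = clean, 1 = findings, 2 = unreadable.
audit_ntp_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        { sub(/#.*/, "") }            # strip comments before matching
        NF == 0 { next }
        $1 == "restrict" {
            # accepts "restrict default ignore" and "restrict -4 default ignore";
            # address families are not tracked separately in this example
            def = 0; ign = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "default") def = 1
                if ($i == "ignore")  ign = 1
            }
            if (def && ign) have_restrict = 1
            if (def && !ign) {
                print "REVIEW: line " NR ": restrict default without ignore"
                bad = 1
            }
        }
        # a single disable/enable line may list several flags
        $1 == "disable" { for (i = 2; i <= NF; i++) off[$i] = 1 }
        $1 == "enable"  { for (i = 2; i <= NF; i++) on[$i] = NR }
        END {
            if (!have_restrict) { print "MISSING: restrict default ignore"; bad = 1 }
            n = split("monitor bclient", flag, " ")
            for (k = 1; k <= n; k++) {
                f = flag[k]
                if (!(f in off)) { print "MISSING: disable " f; bad = 1 }
                if (f in on) { print "REVIEW: line " on[f] ": enable " f; bad = 1 }
            }
            exit bad + 0
        }
    ' "$1"
}
```

Run it as `audit_ntp_conf /etc/ntp.conf`; no output and exit status 0 means all three directives are present with nothing flagged for review.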

