How do I protect my NTP server against use in amplification attacks?

In this FAQ article we explain how to protect your NTP server.

1. First, make sure that the operating system is up to date and all updates have been installed. The bug in the NTP daemon dates from 2010, and more recent versions are not vulnerable to this attack.

2. Check if your own NTP server is vulnerable (Linux/FreeBSD server):

ntpd --version

This shows the version of your NTP daemon. It has to be 4.2.7p26 or higher.

You could also do this:

ntpdc -n -c monlist localhost

If you see a list of server addresses, your server responds to monlist queries and can be abused in the MONLIST amplification attack.

3. If your NTP server is vulnerable, add the following lines to /etc/ntp.conf (on Debian):

restrict -4 default nomodify nopeer noquery notrap
restrict -6 default nomodify nopeer noquery notrap
disable monitor

If your NTP server does not need to respond on its public IP address, also add the following lines to your configuration:

restrict 127.0.0.1
restrict ::1

Do not forget to restart the NTP daemon to apply the changes.

/etc/init.d/ntp restart

Run the following command again to verify that your NTP server is no longer vulnerable:

ntpdc -n -c monlist localhost
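As an added example (not part of the original article), the following shell script automates the two checks described above: it compares the `ntpd --version` string against the 4.2.7p26 threshold and audits an ntp.conf for default restrict lines carrying noquery for both address families plus `disable monitor`. It assumes the version output begins with `ntpd X.Y.ZpN` and that the configuration file is /etc/ntp.conf; both function names are this example's own.

```shell
#!/bin/sh
# Added audit helper, not from the original article: applies the two checks the
# article describes. (1) Is the ntpd version at least 4.2.7p26? (2) Does ntp.conf
# deny queries by default for IPv4 and IPv6 and disable the monitor, so monlist
# cannot be answered? Assumes `ntpd --version` prints "ntpd X.Y.ZpN..." first.

# ntp_version_ok "<output of ntpd --version>": exit 0 if version >= 4.2.7p26
ntp_version_ok() {
    # Keep only the leading X.Y.Z[pN] token; build suffixes like @1.2349-o are dropped.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\(p[0-9][0-9]*\)\{0,1\}\).*/\1/p' |
        head -n 1)
    [ -n "$ver" ] || return 2              # unparseable output: treat as a failed check
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; rest=${rest#*.}
    patch=${rest%%p*}
    case "$rest" in *p*) plevel=${rest#*p} ;; *) plevel=0 ;; esac
    # Fold the four components into one integer so a plain -ge comparison works.
    [ $((major*1000000 + minor*10000 + patch*100 + plevel)) -ge $((4*1000000 + 2*10000 + 7*100 + 26)) ]
}

# ntp_conf_hardened /path/to/ntp.conf: exit 0 if the default restrict lines carry
# noquery for both address families and "disable monitor" is present.
ntp_conf_hardened() {
    awk '
        { sub(/#.*/, "") }                               # drop comments
        $1 == "restrict" {
            d = q = 0
            for (i = 2; i <= NF; i++) { if ($i == "default") d = 1; if ($i == "noquery") q = 1 }
            if (d && q) { if ($2 == "-4") v4 = 1; else if ($2 == "-6") v6 = 1; else v4 = v6 = 1 }
        }
        $1 == "disable" { for (i = 2; i <= NF; i++) if ($i == "monitor") mon = 1 }
        END { exit !(v4 && v6 && mon) }
    ' "$1"
}

# Stand-alone use on a live host: sh ntp_audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    ntp_version_ok "$(ntpd --version 2>&1)" && echo "ntpd version: ok" || echo "ntpd version: older than 4.2.7p26"
    ntp_conf_hardened /etc/ntp.conf && echo "ntp.conf: monlist blocked" || echo "ntp.conf: monlist may still be answered"
fi
```

A plain `restrict default ... noquery` line without -4/-6 is counted for both families, matching how ntpd applies it.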
