3 Replies Latest reply: Jan 31, 2014 1:02 PM by seebvey

    NTP DoS reflection attack

    seebvey

      Hi Guys,

       

      In Germany actually there are a lot of NTP DoS attacks running.

       

      If your NTP server on the Sidewinder is reachable from external, please add these lines to your ntp.conf.<burbnumber or zonename of external zone>: (/secureos/etc/ntp/ntp.conf.external)

       

      restrict default kod nomodify notrap nopeer noquery

      restrict -6 default kod nomodify notrap nopeer noquery

      restrict 127.0.0.0 mask 255.0.0.0

      restrict -6 ::1

       

       

      Save and restart the ntp daemon: cf daemond restart agent=ntp

       

      Attention: After a firewall reboot or a GUI change of the NTP settings, these lines are gone!

       

       

      @McAfee

      Maybe you can publish an NTP patch for the Sidewinder Firewall.

       

      More Information:

      https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks

       

      regards

      Sebastian
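
The post notes that the added lines disappear after a reboot or a GUI change of the NTP settings, so a check like the following can report when the default `restrict` entries are missing or incomplete. This is an added example, not part of the original post and not vendor tooling; the function name `missing_ntp_restrict` and the sample file are assumptions, and the required flags are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not from the post): verify that an ntp.conf still carries
# the default restrict lines with the flags quoted in the post.

# missing_ntp_restrict FILE   (hypothetical helper name)
# Prints one line per address family whose "restrict default" entry is
# absent or lacks a flag. Prints nothing when both entries are intact.
missing_ntp_restrict() {
    awk '
        BEGIN { n = split("kod nomodify notrap nopeer noquery", need, " ") }
        { sub(/#.*/, "") }                      # ignore comments
        $1 != "restrict" { next }
        {
            fam = "ipv4"; i = 2
            if ($i == "-6") { fam = "ipv6"; i++ }
            else if ($i == "-4") { i++ }
            if ($i != "default") next           # only the default entries
            split("", have)                     # clear flag set
            for (j = i + 1; j <= NF; j++) have[$j] = 1
            miss = ""
            for (k = 1; k <= n; k++)
                if (!(need[k] in have)) miss = miss " " need[k]
            seen[fam] = 1
            if (miss != "") printf "%s default: missing%s\n", fam, miss
        }
        END {
            if (!seen["ipv4"]) print "ipv4 default: no restrict line"
            if (!seen["ipv6"]) print "ipv6 default: no restrict line"
        }
    ' "$1"
}

# Constructed sample: a config regenerated without the hardening lines.
sample=$(mktemp)
printf '%s\n' 'server 192.0.2.1' 'restrict default nomodify notrap' > "$sample"
missing_ntp_restrict "$sample"
rm -f "$sample"
```

Run against the zone-specific file named in the post, any output means the lines have to be added again and the daemon restarted.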