[Nix-dev] ntp monlist ddos vulnerability

Mathijs Kwik mathijs at bluescreen303.nl
Mon Feb 24 17:27:58 CET 2014


Hi all,

Our ntpd version (stable, 2011) contains a feature called 'monlist',
which is enabled by default. This feature has recently been abused by
huge ntp-amplification ddos attacks.

However, the vulnerability has only been fixed in the development
version and security firms recommend upgrading to that (at least
v4.2.7p26, 03/2010 release, so not really bleeding edge).

Another option is to disable the problematic 'monlist' service in our
current version by adding a line to the config file "disable
monitor". However, the replacement 'mrulist' functionality is only
available in the development release, so just disabling monlist probably
cripples operations (I'm not very familiar with ntp).

Given the fact that the stable release hasn't been updated with a fix, I
would suggest we start following development releases for ntp, because
there are probably other issues lurking in stable.
Does anyone object to that? Or does anyone propose a different solution?

http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks

Regards,
Mathijs
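As an added illustration (not part of the original post, and not Nix or ntp project code), the following Python script checks an ntp.conf for the mitigation the post describes, namely a `disable monitor` line. ntpd treats the `monitor` flag as enabled by default and honours the last `enable`/`disable` statement for a flag, so the checker resolves the final state rather than grepping for one string. It also reports whether the `restrict default` line carries ntpd's standard `noquery` flag, which is not mentioned in the post but is assumed here as a second, independent way of refusing monlist-style queries from arbitrary sources. Both sample configurations are constructed for this example.

```python
"""Assess an ntp.conf for exposure of the 'monlist' mode-7 query.

Added example: checks for 'disable monitor' (the mitigation named in the
post) and for 'noquery' on the default restrict line. Sample configs are
constructed, not taken from any real host.
"""

# Constructed sample: a 2011-era stock ntp.conf, monlist still answered.
VULNERABLE_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org
server 1.pool.ntp.org
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
"""

# Constructed sample: same file with 'disable monitor' applied and
# 'noquery' added to the default restrict line.
MITIGATED_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org
server 1.pool.ntp.org
disable monitor   # stop answering monlist requests
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""


def _tokens(line):
    """Split one config line into tokens, dropping '#' comments."""
    return line.split("#", 1)[0].split()


def monitor_enabled(conf_text):
    """Resolve the final state of ntpd's 'monitor' flag.

    The flag is on by default; 'enable'/'disable' statements may list
    several flags, and the last statement naming 'monitor' wins.
    """
    enabled = True
    for line in conf_text.splitlines():
        toks = _tokens(line)
        if len(toks) >= 2 and toks[0] in ("enable", "disable") \
                and "monitor" in toks[1:]:
            enabled = toks[0] == "enable"
    return enabled


def default_restrict_has_noquery(conf_text):
    """True if a 'restrict [-4|-6] default ...' line includes 'noquery'."""
    for line in conf_text.splitlines():
        toks = _tokens(line)
        if not toks or toks[0] != "restrict":
            continue
        rest = toks[1:]
        if rest and rest[0] in ("-4", "-6"):   # optional address-family flag
            rest = rest[1:]
        if rest and rest[0] == "default" and "noquery" in rest[1:]:
            return True
    return False


def assess(conf_text):
    """Summarise monlist exposure for a single ntp.conf."""
    monitor = monitor_enabled(conf_text)
    noquery = default_restrict_has_noquery(conf_text)
    return {
        "monitor_enabled": monitor,
        "default_noquery": noquery,
        # Exposed only if monitoring is on AND default clients may query.
        "monlist_exposed": monitor and not noquery,
    }


if __name__ == "__main__":
    for name, conf in (("vulnerable", VULNERABLE_CONF),
                       ("mitigated", MITIGATED_CONF)):
        print(name, assess(conf))
```

Run it against a real file with `assess(open("/etc/ntp.conf").read())`; a result of `monlist_exposed: True` means the host still answers monlist from any source and the post's `disable monitor` line (or the upgrade it proposes) has not taken effect.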