[Nix-dev] ntp monlist ddos vulnerability

Mathijs Kwik mathijs at bluescreen303.nl
Mon Feb 24 19:22:49 CET 2014


Eelco Dolstra <eelco.dolstra at logicblox.com> writes:

> On 24/02/14 17:27, Mathijs Kwik wrote:
>
>> Our ntpd version (stable, 2011) contains a feature called 'monlist',
>> which is enabled by default. This feature has recently been abused by
>> huge ntp-amplification ddos attacks.
>
> AFAIK, this commit works around the problem:
>
> https://github.com/NixOS/nixpkgs/commit/9e7fe29e416736bf2be5aeaf7adbad05d4e175cf

I think it needs 1 more line:
disable monitor

My hosting provider sent me this (in Dutch):
https://www.transip.nl/vragen/583-bescherm-mijn-server-tegen-misbruik

Do you think we should add that too?
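
Added example, not part of the original message and not nixpkgs code: a small auditor that checks an ntp.conf for the `disable monitor` line proposed above and for a query-blocking default restriction. The function name `audit_ntp_conf` and both sample configs are constructed for illustration; `noquery`, `ignore` and `limited` are standard ntpd restrict flags that do not appear in the thread.

```python
# Added example: audit an ntp.conf for the two monlist mitigations.
# The sample configs are constructed for this example, not taken from nixpkgs.
SAMPLE_OPEN = """\
server 0.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
"""
SAMPLE_HARDENED = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
disable monitor   # the line proposed in the message above
"""

def audit_ntp_conf(text):
    """Return a list of findings; an empty list means both mitigations are set."""
    disabled = enabled = limited = False
    defaults = []                       # flag sets of each 'restrict default' line
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].lower().split()
        if not words:
            continue
        keyword, args = words[0], words[1:]
        if keyword == "disable" and "monitor" in args:
            disabled = True
        elif keyword == "enable" and "monitor" in args:
            enabled = True
        elif keyword == "restrict":
            args = [a for a in args if a not in ("-4", "-6")]
            limited = limited or "limited" in args
            if args and args[0] == "default":
                defaults.append(set(args[1:]))
    findings = []
    if not disabled:
        findings.append("no 'disable monitor': monitor facility is on by default")
    if enabled:
        findings.append("'enable monitor' present: conflicts with the mitigation")
    if limited:
        findings.append("'limited' restrict flag keeps monitoring active")
    if not defaults:
        findings.append("no 'restrict default' line: queries are unrestricted")
    for flags in defaults:
        if not flags & {"noquery", "ignore"}:
            findings.append("'restrict default' without noquery/ignore")
    return findings

if __name__ == "__main__":
    for name, conf in (("open", SAMPLE_OPEN), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_ntp_conf(conf) or "ok")
```

The `limited` check reflects the ntp.conf documentation, which states that monitoring stays active while any restrict entry carries that flag.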

