[Nix-dev] ntp monlist ddos vulnerability

Mathijs Kwik mathijs at bluescreen303.nl
Mon Feb 24 19:24:44 CET 2014


Sorry for the noise, we are fine.

The link in your commit explains it.
noquery does the trick indeed.

On Mon, Feb 24, 2014 at 7:22 PM, Mathijs Kwik <mathijs at bluescreen303.nl> wrote:
> Eelco Dolstra <eelco.dolstra at logicblox.com> writes:
>
>> On 24/02/14 17:27, Mathijs Kwik wrote:
>>
>>> Our ntpd version (stable, 2011) contains a feature called 'monlist',
>>> which is enabled by default. This feature has recently been abused by
>>> huge ntp-amplification ddos attacks.
>>
>> AFAIK, this commit works around the problem:
>>
>> https://github.com/NixOS/nixpkgs/commit/9e7fe29e416736bf2be5aeaf7adbad05d4e175cf
>
> I think it needs 1 more line:
> disable monitor
>
> My hosting provider sent me this: (in Dutch)
> https://www.transip.nl/vragen/583-bescherm-mijn-server-tegen-misbruik
>
> Do you think we should add that too?
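
An added example, not part of the thread or of the nixpkgs commit: a small Python check that reports whether an ntp.conf body carries the two settings discussed above, `noquery` on the default `restrict` entries and `disable monitor`. The function name and the sample configurations are constructed for illustration.

```python
def audit_ntp_conf(text):
    """Report the two monlist-related settings found in an ntp.conf body."""
    default_flags = []        # one flag set per 'restrict default' line
    monitor_disabled = False
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # strip comments, tokenize
        if not tokens:
            continue
        keyword, args = tokens[0], tokens[1:]
        if keyword == "restrict":
            # -4 / -6 select the address family and precede the address.
            args = [a for a in args if a not in ("-4", "-6")]
            if args and args[0] == "default":
                default_flags.append(set(args[1:]))
        elif keyword in ("disable", "enable") and "monitor" in args:
            monitor_disabled = (keyword == "disable")
    # Every default entry must deny queries; 'ignore' drops all packets.
    noquery_default = bool(default_flags) and all(
        f & {"noquery", "ignore"} for f in default_flags)
    return {
        "noquery_default": noquery_default,
        "monitor_disabled": monitor_disabled,
        # Neither setting present: monlist queries are not blocked by config.
        "unmitigated": not noquery_default and not monitor_disabled,
    }

# Constructed sample configurations (not taken from nixpkgs).
WEAK = """
server 0.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer
"""
HARDENED = """
server 0.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
disable monitor   # the extra line proposed in the thread
"""
PARTIAL = """
restrict default nomodify noquery
restrict -6 default nomodify      # IPv6 default still answers queries
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED), ("partial", PARTIAL)):
        print(name, audit_ntp_conf(conf))
```

The `PARTIAL` case shows why each default entry is checked separately: one `restrict default` line with `noquery` does not cover a second default entry that lacks it.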
