Nano Servers Inc - Enterprise Web Solutions
Call us: 1-347-414-9117
  1. Home
  2. Ask
  3. NTP Monlist

NTP Monlist

Recently misconfigured or outdated NTP servers have been used in DDoS attacks aganist various organizations. This is not only a threat to the victim of the attack but also, bandwidth overage charges will apply if your server is participating in attacks without your knowledge.

 

What is NTP?

http://en.wikipedia.org/wiki/Network_Time_Protocol

 

How is it being used offensively?

http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks

 

If you are reading this article then your server has likely been identified as an older or misconfigured version of NTP and is vulnerable to misusage.

 

How can I resolve this issue?

  • Update to the latest version of NTPD (4.2.7, which does not use the monlist command)
  • Firewall UDP port 123
  • Click the Cymru template below for more OS specific information

Where can I find a template to help me?

http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html

 

How can I check if this is fixed afterwards?

  • From an untrusted Linux/Unix based machine you can do this:
    • [root@server ~]# ntpdc -c monlist IPADDRESS
  • Or you may ask any staff at NanoServers Tech support to check this for you

If you get a response from the IP from an untrusted source, this service is still misconfigured. If you get a timeout, the issue has been resolved.

 

 

 

NTP Monlist Abuse Policy Enforcement