Semi-urgent: Disable NTP replies?
Ronald F. Guilmette
rfg at tristatelogic.com
Tue Feb 18 22:53:20 UTC 2014
I didn't realize it until today, but the games people are out there
playing nowadays with respect to NTP are now DRASTICALLY affecting me,
so much so that essentially 100% of my outbound bandwidth was being
used up just in sending out NTP reply packets... something that I
had never even intended to do in the first place!
So, um, I've had to put in a new stopgap ipfw rule, just to stop these
bloody &^%$#@ NTP reply packets from leaving my server, but what is
the Right Way to solve this problem? I'm guessing that there's
something I need to add to my /etc/ntp.conf file in order to tell
my local ntpd to simply not accept incoming _query_ packets unless
they are coming from my own LAN, yes? But obviously, I still need it
to accept incoming ntp _reply_ packets or else my machine will never
know the correct time.
Sorry. The answer I'm looking for is undoubtedly listed in an FAQ
someplace, but I am very much on edge right at the moment... because
I was basically being DDoS'd by all of this stupid NTP traffic... and
thus I'm seeking a quick answer.
P.S. I am apparently being flooded with incoming NTP (udp/123) packets
from *at least* the following 24 IPs:
To be clear, I *do not* think that I am being targeted, or that anyone
is intentionally DDoSing me. Rather, I suspect that I'm just being
used as a reflector or something, and that the real intended target
But I *REALLY* don't want to be a reflector, and wouldn't want to be one,
even if 100% of my own minuscule outbound bandwidth wasn't being sucked up.
P.P.S. Who are these guys (who are actually initiating all this stuff)
anyway, and how the bleep did I manage to get on their list?
Should I just assume that they have their robots out, 24/7, searching
for anything and everything that will send NTP response packets? I
guess that's it, yes?