Semi-urgent: Disable NTP replies?

Ronald F. Guilmette rfg at
Tue Feb 18 22:53:20 UTC 2014

I didn't realize it until today, but the games people are out there
playing nowadays with respect to NTP are now DRASTICALLY affecting me,
so much so that essentially 100% of my outbound bandwidth was being
used up just in sending out NTP reply packets... something that I
had never even intended to do in the first place!

So, um, I've had to put in a new stopgap ipfw rule, just to stop these
bloody &^%$#@ NTP reply packets from leaving my server, but what is
that Right Way to solve this problem?  I'm guessing that there's
something I need to add to my /etc/ntp.conf file in order to tell
my local ntpd to simply not accept incoming _query_ packets unlees
they are coming from my own LAN, yes?  But obviously, I still need it
to accept incoming ntp _reply_ packets or else my machine will never
know the correct time.

Sorry.  The answer I'm looking for is undoubtedly listed in an FAQ
someplace, but I am very much on edge right at the moment... because
I was basiaclly being DDoS'd by all of this stupid NTP traffic... and
thus I'm seeking a quick answer.

P.S.  I am apparently being flooded with incoming NTP (udp/123) packets
from *at least* the folliowing 24 IPs:

To be clear, I *do not* think that I am being targeted, or that anyone
is intentionally DDoSing me.  Rather, I suspect that I'm just being
used as a reflector or something, and that the real intended target
is elsewhere.

But I *REALLY* don't want to be a reflector, and wouldn't want to be one,
even if 100% of my own miniscule outbound bandwidth wasn't being sucked up.

P.P.S.  Who are these guys (who are actually initiating all this stuff)
anyway, and how the bleep did I manage to get on their list?

Should I just assume that they have their robots out, 24/7, searching
for anything and everything that will send NTP response packets?  I
guess that's it, yes?

More information about the freebsd-questions mailing list