[167648] in North American Network Operators' Group


Re: What's going on with NTP?

daemon@ATHENA.MIT.EDU (Jared Mauch)
Wed Dec 25 11:59:06 2013

In-Reply-To: <8610DAD4-CC3C-46E4-B31D-6DD3D01A2BDC@kjsl.org>
From: Jared Mauch <jared@puck.nether.net>
Date: Wed, 25 Dec 2013 10:58:36 -0600
To: Javier Henderson <javier@kjsl.org>
Cc: John Levine <johnl@iecc.com>, "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

There have been a lot of NTP reflection attacks recently. Think the same as DNS amplification.

Make sure you restrict access and know how to look at the client list.

Jared Mauch

> On Dec 25, 2013, at 10:42 AM, Javier Henderson <javier@kjsl.org> wrote:
>
>
>> On Dec 25, 2013, at 11:35 AM, John Levine <johnl@iecc.com> wrote:
>>
>> I have two FreeBSD servers where the NTP daemons are using double digit CPU
>> percentages today rather than the usual 0.01%.  Restarting them didn't help.
>>
>> The clock on my Android phone is five hours slow.  (It's not the time zone,
>> I checked that.)
>>
>> Is this just my special Christmas present, or are there screwed up NTP servers?
>
> I suspect your servers are being attacked. Are you seeing a lot of in/out NTP traffic on those FreeBSD servers?
>
> -jav

