[167649] in North American Network Operators' Group
Re: What's going on with NTP?
daemon@ATHENA.MIT.EDU (David Ford)
Wed Dec 25 13:38:08 2013
Date: Wed, 25 Dec 2013 13:37:36 -0500
From: David Ford <david@blue-labs.org>
To: nanog@nanog.org
In-Reply-To: <20131225163540.13345.qmail@joyce.lan>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 12/25/2013 11:35 AM, John Levine wrote:
> I have two FreeBSD servers where the NTP daemons are using double digit CPU
> percentages today rather than the usual 0.01%. Restarting them didn't help.
>
> The clock on my Android phone is five hours slow. (It's not the time zone,
> I checked that.)
>
> Is this just my special Christmas present, or are there screwed up NTP servers?
>
> Regards,
> John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
> Please consider the environment before reading this e-mail. http://jl.ly
>
you probably need to configure them correctly with:
restrict default ignore
and add additional restrict lines if you have need for other legitimate
servers to make contact with them. i suspect right now you're providing
an ntp amplification attack to the spoofed source address.
-david
