Vulnerable NTP servers can be used as reflectors in a distributed reflected denial of service (DDoS) attack. In this tutorial we explain how to protect the NTP server on your Linux VPS.
Step 1
First, make sure that your operating system is up to date and all updates have been installed. This bug in the NTP daemon dates from 2010 and more recent versions are not vulnerable to this attack.
Step 2
Check whether your own NTP server is vulnerable (Linux/FreeBSD server) using the command:
ntpd --version
This shows you the version of your NTP daemon. It has to be 4.2.7p26 or higher. Alternatively you can test this using the command:
ntpdc -n -c monlist localhost
If you see a list of server addresses, your server answers MONLIST queries and can be abused as a reflector.
Step 3
If your NTP server is vulnerable, add the following lines to /etc/ntp.conf (the file location may vary depending on your OS):
restrict -4 default nomodify nopeer noquery notrap
restrict -6 default nomodify nopeer noquery notrap
disable monitor
If you do not need your NTP server to respond on your public IP address, also add the following lines to your config:
restrict 127.0.0.1
restrict ::1
Step 4
Restart the NTP daemon to apply the changes:
/etc/init.d/ntp restart
You can use the following command to verify that your NTP server is no longer vulnerable:
ntpdc -n -c monlist localhost
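The following POSIX shell helpers are an added example and not part of this tutorial: they automate the two checks from Step 2 and Step 4 so they can be run on many hosts or from a cron job. ntp_version_from_banner extracts the version from the first line of ntpd --version output, ntp_version_vulnerable compares it against the 4.2.7p26 threshold named above, and monlist_responds reports whether the output of ntpdc -n -c monlist localhost contains a table of client addresses. The banner layout (ntpd 4.2.8p15@...) and the monlist table layout are assumptions about ntpd's output format, and the sample strings at the bottom are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example for the NTP monlist checks (not from the original tutorial).

# Extract "4.2.8p15" from a banner like "ntpd 4.2.8p15@1.3728-o ..." (assumed format).
ntp_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^ntpd \([0-9][0-9.]*\(p[0-9]*\)\{0,1\}\).*$/\1/p' | head -n 1
}

# Split "4.2.7p26" into "4 2 7 26"; a version without a patch level gets patch 0.
version_parts() {
    v=$1
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; rest=${rest#*.}
    case "$rest" in
        *p*) micro=${rest%%p*}; patch=${rest#*p} ;;
        *)   micro=$rest;       patch=0 ;;
    esac
    echo "$major $minor $micro $patch"
}

# Turn the four parts into one integer so versions can be compared with -lt.
version_key() {
    set -- $(version_parts "$1")
    echo $(( $1 * 100000000 + $2 * 1000000 + $3 * 1000 + $4 ))
}

# True (exit 0) when the version is older than 4.2.7p26, the first fixed release.
ntp_version_vulnerable() {
    [ "$(version_key "$1")" -lt "$(version_key 4.2.7p26)" ]
}

# True (exit 0) when monlist output contains rows of "<address> <port> ...";
# the header line and error messages such as "***Server reports data not found"
# do not match, so a hardened server yields 1.
monlist_responds() {
    n=$(printf '%s\n' "$1" | grep -Ec '^[0-9a-fA-F.:]+[[:space:]]+[0-9]+[[:space:]]' || true)
    [ "$n" -gt 0 ]
}

# Constructed sample data (not captured from a real server).
SAMPLE_BANNER_OLD='ntpd 4.2.6p5@1.2349-o Thu Jan  1 00:00:00 UTC 2015 (1)'
SAMPLE_BANNER_NEW='ntpd 4.2.8p15@1.3728-o Wed Sep 23 11:46:38 UTC 2020 (1)'
SAMPLE_MONLIST_OPEN='remote address          port local address      count m ver rstr avgint  lstint
===============================================================================
192.0.2.10               123 198.51.100.5            1 7 2      0      0       0
2001:db8::1              123 2001:db8::5             3 3 4      0     12      40'
SAMPLE_MONLIST_CLOSED='***Server reports data not found'

# Demonstration; on a real host feed "$(ntpd --version 2>&1)" and
# "$(ntpdc -n -c monlist localhost 2>&1)" to the same functions.
for banner in "$SAMPLE_BANNER_OLD" "$SAMPLE_BANNER_NEW"; do
    ver=$(ntp_version_from_banner "$banner")
    if ntp_version_vulnerable "$ver"; then
        echo "$ver: older than 4.2.7p26, update ntpd"
    else
        echo "$ver: not affected by the monlist bug"
    fi
done
if monlist_responds "$SAMPLE_MONLIST_OPEN"; then
    echo "sample 1: monlist answered, server can be used as a reflector"
fi
if ! monlist_responds "$SAMPLE_MONLIST_CLOSED"; then
    echo "sample 2: no monlist data, server is hardened"
fi
```

The version check exists because some distributions backport the fix without changing the package version, so the monlist query in Step 4 is the more reliable of the two tests; run both and treat a server as fixed only when the query returns no addresses.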
Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach them via the ‘Contact Us’ button at the bottom of this page.