    How do I protect my NTP server against use in amplification attacks?

    Vulnerable NTP servers can be used as a reflector in a distributed reflected denial of service (DRDoS) attack: the attacker sends small queries with the victim's address as the spoofed source to many NTP servers, and every server sends its much larger reply (the monlist answer can be hundreds of times the size of the query) to the victim. In this tutorial we explain how to protect the NTP server on your Linux VPS.


    Step 1

    First, make sure that your operating system is up to date and that all available updates have been installed. The fix for this bug in the NTP daemon dates from 2010 (ntp 4.2.7p26), and more recent versions are not vulnerable to this attack. Be aware that distribution packages often keep an older version number while carrying the fix as a backported patch, so the monlist test in step 2 is the authoritative check, not the version number.


    Step 2

    Check whether your own NTP server is vulnerable (Linux/FreeBSD server) using the command:

    ntpd --version

    This shows the version of your NTP daemon. Upstream versions 4.2.7p26 and later no longer answer monlist queries. Because distributions backport fixes without changing the version number, a lower version does not prove the server is vulnerable; the definitive test is to ask the server for the list yourself:

    ntpdc -n -c monlist localhost

    If you see a list of client addresses (the hosts that recently talked to your server), your server responds to the MONLIST query and can be abused for amplification. A fixed server answers "***Server reports data not found" or the request times out.


    Step 3

    If your NTP server is vulnerable, add the following lines to /etc/ntp.conf (the file location may vary depending on your OS):

    restrict -4 default nomodify nopeer noquery notrap
    restrict -6 default nomodify nopeer noquery notrap
    disable monitor

    The two restrict lines apply to every client that is not matched by a more specific restrict line: noquery refuses ntpq/ntpdc queries (monlist included), nomodify refuses runtime configuration changes, nopeer refuses unsolicited requests that would create a new peer association, and notrap refuses trap (event logging) subscriptions. Ordinary time requests are still answered, so your clients keep synchronising. disable monitor switches off the recent-client list that monlist reports, so the server has nothing to hand out even if a query does get through.

    If you still want to run ntpq or ntpdc on the server itself, also add the following lines, which exempt the loopback addresses from the default restrictions:

    restrict 127.0.0.1
    restrict ::1

    Note that these two lines do not stop the server from answering on its public IP address. If you do not need to serve time to other hosts at all, block incoming UDP port 123 from the outside in your firewall.


    Step 4

    Restart the NTP daemon to apply the changes:

    /etc/init.d/ntp restart

    On systems with systemd the equivalent is systemctl restart ntp (Debian/Ubuntu) or systemctl restart ntpd (CentOS/RHEL); on FreeBSD use service ntpd restart.

    You can use the following command to verify that your NTP server is not vulnerable anymore; with disable monitor in place it should now print "***Server reports data not found":

    ntpdc -n -c monlist localhost

    Because the loopback lines from step 3 exempt localhost from the default restrictions, a test from the server itself does not prove that the public side is closed. Run the same command from another host against the server's public IP address: it should time out instead of returning a list.
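    The check in steps 2 and 4 depends on ntpdc, which is deprecated in newer ntp releases, and on querying from localhost. The following Python script is an added example for this article, not code from the original page or from the ntp project: it sends the same 8-byte mode 7 monlist request that ntpdc sends, parses the reply using the struct info_monitor_1 layout from ntpd's ntp_request.h, and reports whether the server answered together with the amplification factor (reply bytes divided by request bytes). The function and constant names and the two sample replies at the bottom (built with RFC 5737 documentation addresses) are constructed for this example; run it as python3 monlist_check.py <host> from another machine against your server's public IP to probe live.

```python
import ipaddress
import socket
import struct
from dataclasses import dataclass

# The 8-byte request ntpdc sends for "monlist": rm_vn_mode 0x17 (version 2, mode 7),
# auth/seq 0, implementation 3 (XNTPD), request 42 (MON_GETLIST_1), then
# err/nitems and mbz/itemsize both zero.
MONLIST_REQUEST = bytes([0x17, 0x00, 0x03, 0x2A, 0, 0, 0, 0])
REQ_MON_GETLIST_1 = 42
MON_ITEM_SIZE = 72       # sizeof(struct info_monitor_1) in ntpd's ntp_request.h
INFO_ERR_NODATA = 4      # what ntpdc prints as "***Server reports data not found"


@dataclass
class MonEntry:
    remote: str          # client that talked to the server: the data monlist leaks
    local: str           # server address that client used
    count: int           # packets received from that client
    lstint: int          # seconds since its last packet

def parse_monlist_reply(datagram):
    """Decode one mode 7 reply datagram into (error code, list of MonEntry)."""
    if len(datagram) < 8:
        raise ValueError("shorter than the 8-byte mode 7 header")
    rm_vn_mode, _seq, _impl, req, err_nitems, mbz_itemsize = struct.unpack("!BBBBHH", datagram[:8])
    if (rm_vn_mode & 0x87) != 0x87 or req != REQ_MON_GETLIST_1:   # response bit, mode 7, monlist
        raise ValueError("not a mode 7 monlist response")
    error, nitems, itemsize = err_nitems >> 12, err_nitems & 0x0FFF, mbz_itemsize & 0x0FFF
    entries = []
    if error == 0 and nitems:
        if itemsize != MON_ITEM_SIZE or len(datagram) < 8 + nitems * itemsize:
            raise ValueError("malformed entry table")
        for i in range(nitems):
            item = datagram[8 + i * itemsize:8 + (i + 1) * itemsize]
            (lasttime, _first, _restr, count, addr, daddr, _flags,
             _port, _mode, _ver, v6_flag, _pad) = struct.unpack("!IIIIIIIHBBII", item[:40])
            if v6_flag:   # IPv6 peers carry their addresses in the trailing two in6_addr fields
                remote, local = ipaddress.IPv6Address(item[40:56]), ipaddress.IPv6Address(item[56:72])
            else:
                remote, local = ipaddress.IPv4Address(addr), ipaddress.IPv4Address(daddr)
            entries.append(MonEntry(str(remote), str(local), count, lasttime))
    return error, entries

def assess(datagrams, request=MONLIST_REQUEST):
    """Verdict for the datagrams one request produced, plus the bytes-out/bytes-in ratio."""
    if not datagrams:
        return {"vulnerable": False, "verdict": "no reply (noquery, firewall, or no ntpd)",
                "entries": [], "amplification": 0.0}
    error, entries = parse_monlist_reply(datagrams[0])
    for extra in datagrams[1:]:                      # long client lists span several datagrams
        entries.extend(parse_monlist_reply(extra)[1])
    if error == 0:          # any successful answer, even an empty list, means monlist is served
        verdict = "VULNERABLE: monlist answered with %d client entries" % len(entries)
    elif error == INFO_ERR_NODATA:
        verdict = "not vulnerable: monitor is disabled (data not found)"
    else:
        verdict = "not vulnerable: server returned error code %d" % error
    return {"vulnerable": error == 0, "verdict": verdict, "entries": entries,
            "amplification": sum(len(d) for d in datagrams) / len(request)}

def probe(host, port=123, timeout=2.0):
    """Live check (needs network): send one request, collect replies until the M bit clears."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    datagrams = []
    try:
        sock.sendto(MONLIST_REQUEST, (host, port))
        while True:
            data, _ = sock.recvfrom(2048)
            datagrams.append(data)
            if not (data[0] & 0x40):                 # M bit clear: last datagram of this reply
                break
    except socket.timeout:
        pass
    finally:
        sock.close()
    return datagrams

def build_monlist_reply(entries, error=0):
    """Encode an IPv4-only reply as ntpd lays it out; used here only to construct sample data."""
    items = b"".join(
        struct.pack("!IIIIIIIHBBII", e.lstint, 0, 0, e.count, int(ipaddress.IPv4Address(e.remote)),
                    int(ipaddress.IPv4Address(e.local)), 0, 123, 3, 4, 0, 0) + bytes(32)
        for e in entries)
    header = struct.pack("!BBBBHH", 0x97, 0, 3, REQ_MON_GETLIST_1,
                         (error << 12) | len(entries), MON_ITEM_SIZE if entries else 0)
    return header + items

# Constructed sample replies (RFC 5737 documentation addresses, not real hosts).
SAMPLE_VULNERABLE = [build_monlist_reply([
    MonEntry("192.0.2.10", "198.51.100.5", 4100, 7),
    MonEntry("203.0.113.77", "198.51.100.5", 12, 340)])]
SAMPLE_FIXED = [build_monlist_reply([], error=INFO_ERR_NODATA)]

if __name__ == "__main__":                           # python3 monlist_check.py <host>
    import sys
    print(assess(probe(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_VULNERABLE)["verdict"])
```

    A server that has applied step 3 answers the probe with error code 4 (data not found) when the loopback exemption applies, and with no reply at all from the public side once noquery is in force; both are reported as not vulnerable. Any error-free answer, even an empty one on a freshly restarted server, means the query is still being served.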
    Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach them via the ‘Contact Us’ button at the bottom of this page.
