• Industry Solutions
    • Managed Service Providers
    • Enterprise Solutions
    • Developers & Startups
    • Healthcare
    • Trading and Financial
      • Chicago Managed Trading Servers
      • Trading and Financial Colocation: Chicago & New Jersey
    • IBM AS/400 and iSeries Users
  • Support
    • Register
    • View Tickets
    • Submit a Ticket
    • Knowledgebase
    • News
  • Steadfast Blog
  • Steadfast Podcasts
  • Contact Us
Home
  • Call Us
  • Call | 888.281.9449
  • Login
  • Search

This form logs you into your management portal account. To access your help desk account, click here and use the form to the right of the news.

  • Cloud Hosting
    • Cloud Hosting
    • Private Cloud
    • Hybrid Cloud
    • Public Cloud
    • Cloud Storage
      • Secure File Share
      • Wasabi Cloud Storage
    • Virtual Data Center Platform
  • Managed Hosting
    • Bare Metal Dedicated Servers
      • Deep Learning GPU Dedicated Servers
      • Linux Dedicated Servers
      • Windows Dedicated Servers
    • Virtual Private Servers
    • Data Center Colocation
      • Managed Colocation
      • Chicago: 350 E Cermak
      • Chicago: 725 S Wells
      • Edison, New Jersey
    • Security & Compliance
      • Managed Firewall
      • SSL VPN
      • DDoS Protection
      • Email Security
  • Backup & Disaster Recovery
    • Backup
    • Disaster Recovery
    • Veeam Backup & Replication
    • Veeam Cloud Connect
    • Wasabi Cloud Storage
  • Why Steadfast
    • Why Steadfast?
    • About Steadfast
      • Our History
      • News and Press
    • Data Centers & Network
      • Our Data Centers
      • Our Network
      • Network Test
      • Peering Policy
    • Customer Stories
    • Service Level Agreement
  • Industry Solutions
    • Managed Service Providers
    • Enterprise Solutions
    • Developers & Startups
    • Healthcare
    • Trading and Financial
      • Chicago Managed Trading Servers
      • Trading and Financial Colocation: Chicago & New Jersey
    • IBM AS/400 and iSeries Users
  • Support
    • Register
    • View Tickets
    • Submit a Ticket
    • Knowledgebase
    • News
  • Steadfast Blog
  • Steadfast Podcasts
  • Contact Us
Close
  • Support Home
  • Register
  • Submit a Ticket
  • Knowledgebase
  • News
 Login Subscribe

Log into the help desk to manage support tickets.


Lost password

Subscribe to general maintenance announcements and advisories.



 
 Knowledgebase
39Steadfast Cloud Platform 3Full Management 38Dedicated Servers & Colocation 4Control Panels 19Other
Search
Knowledgebase: Other
Preventing NTP Amplification Attacks
Posted by Ben Galliart, Last modified by Kevin Stange on 23 March 2015 02:16 PM

In Febuary 2014, the Open NTP Project identified many addresses on our network that were of moderate to severe risk of participating in a NTP amplification attack. This attack queries NTP servers for large results using a fake source address. This request causes the response to go back to the faked address, resulting in a large amount of data being sent to a computer that did not request it. This effect, when used with thousands of NTP servers, directs a very large amount of traffic to a single IP to form an efficient distributed attack. The Content Delivery Network, CloudFlare, was recently the victim of an attack using this technique.

You can confirm your server is affected by querying the server from a Linux or Mac command line on a separate computer:

ntpdc -n -c monlist <server ip>

or

ntpq -c rv <server ip>

If the result to either of these commands is not “timed out, nothing received” then your server allows queries that it should not.

On servers running GNU/Linux CentOS version 5 or version 6, the problem usually can be resolved simply by restricting the types of NTP queries that are permitted by default.  This can be done in the /etc/ntp.conf file with the following:

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

The NTP service will need to then be restarted for the change to take effect.  This can be done on CentOS by running as root:

/sbin/service ntpd restart

For advice on how to adjust a server to prevent NTP amplification or limit the IP ranges that can make NTP queries, or any other questions about the topics discussed in this article, please visit our Help Desk or email us. NTP consulting is covered under managed services.

(0 vote(s))
Helpful
Not helpful

Comments (0)

I consent to allow Steadfast to process my data and agree to the Acceptable Use and Privacy Policies

  • 312.602.2689
  • ColoHouse Sales
  • Facebook
  • Twitter
  • YouTube
  • LinkedIn

Services

  • Cloud Hosting
  • Managed Hosting
  • Backup & Disaster Recovery

Solutions By Industry

  • Enterprise Solutions
  • Trading & Financial
  • Healthcare
  • Developers & Startups
© 2023 Steadfast
  • Log In
  • Site Map
  • Legal Info & Privacy Policy