nanog mailing list archives

Re: ddos attack blog


From: Mark Tinka <mark.tinka () seacom mu>
Date: Fri, 14 Feb 2014 10:10:37 +0200

On Friday, February 14, 2014 03:01:27 AM Jared Mauch wrote:

> I would actually like to ask for those folks to un-block
> NTP so there is proper data on the number of hosts for
> those researching this.  The right thing to do is
> reconfigure them.  I've seen a good trend line in NTP
> servers being fixed, and hope we will see more of that
> in the next few weeks.

Depending on your OS, the fixes can be quite simple or 
interesting.

On my FreeBSD servers, simply updating with "freebsd-update" 
was enough to fix the issue (in addition to limiting 
who/what can access the service).

On Cisco devices, the ACLs you can attach to the NTP 
process are quite effective.

On Juniper devices, it is less intuitive, and even though 
NTP is enabled only as a client, it, sadly, runs the server 
as well. A firewall filter helps here when applied 
correctly.

Can't speak to other OSes.

Mark.
