[Cialug] ntp exploit
David Champion
dchamp1337 at gmail.com
Thu Feb 13 12:07:04 CST 2014
For more information, see:
https://www.us-cert.gov/ncas/alerts/TA14-013A
-dc
On Thu, Feb 13, 2014 at 11:56 AM, David Champion <dchamp1337 at gmail.com>wrote:
> If your'e running ntpd, there is a common attack going on.
>
> If you don't need it to be a public server, just as a client, please do
> this simple fix:
>
> Edit your ntp.conf, add this line:
>
> restrict default ignore
>
> To test if you're vulnerable, use the command:
>
> ntpdc <server name or ip>
>
> Type "monlist", it should give back no response or a similar error.
>
> <server name>: timed out, nothing received
> ***Request timed out
>
> If it starts listing a bunch of server names or IP's, you're open. Fix. It.
>
> You can also restrict NTP access with your firewall if you're running a
> ntpd server.
>
> -dc
>
More information about the Cialug
mailing list