[Cialug] ntp exploit
David Champion
dchamp1337 at gmail.com
Thu Feb 13 11:56:19 CST 2014
If your'e running ntpd, there is a common attack going on.
If you don't need it to be a public server, just as a client, please do
this simple fix:
Edit your ntp.conf, add this line:
restrict default ignore
To test if you're vulnerable, use the command:
ntpdc <server name or ip>
Type "monlist", it should give back no response or a similar error.
<server name>: timed out, nothing received
***Request timed out
If it starts listing a bunch of server names or IP's, you're open. Fix. It.
You can also restrict NTP access with your firewall if you're running a
ntpd server.
-dc
More information about the Cialug
mailing list