[opensuse] DDoS Attacks on gaming servers using NTP
Hallo, analyzing my network traffic i saw lot's of high volume connections from my ntpd to game servers.. googling arround (https://www.google.com/search?q=ntp+xbox+gameserver) i read about DDoS attacks using ntp. How to avoid my ntpd being used for that? installed ntp-4.2.6p5-9.3.1.x86_64 Thanks for help -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, Mar 07, 2014 at 02:01:30PM +0100, Paul Neuwirth wrote:
Hallo, analyzing my network traffic i saw lot's of high volume connections from my ntpd to game servers.. googling arround (https://www.google.com/search?q=ntp+xbox+gameserver) i read about DDoS attacks using ntp. How to avoid my ntpd being used for that? installed ntp-4.2.6p5-9.3.1.x86_64
http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.html Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
El 07/03/14 10:01, Paul Neuwirth escribió:
Hallo, analyzing my network traffic i saw lot's of high volume connections from my ntpd to game servers.. googling arround (https://www.google.com/search?q=ntp+xbox+gameserver) i read about DDoS attacks using ntp. How to avoid my ntpd being used for that? installed ntp-4.2.6p5-9.3.1.x86_64 Thanks for help
You need to apply the relevant security updates. See http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplificat... and the linked articles. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
В Fri, 07 Mar 2014 10:09:32 -0300
Cristian Rodríguez
El 07/03/14 10:01, Paul Neuwirth escribió:
Hallo, analyzing my network traffic i saw lot's of high volume connections from my ntpd to game servers.. googling arround (https://www.google.com/search?q=ntp+xbox+gameserver) i read about DDoS attacks using ntp. How to avoid my ntpd being used for that? installed ntp-4.2.6p5-9.3.1.x86_64 Thanks for help
You need to apply the relevant security updates.
There are no patches. You need to manually harden ntp.conf. It is impossible to implement via patch.
See http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplificat... and the linked articles.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
El vie 07 mar 2014 12:30:19 CLST, Andrey Borzenkov escribió:
There are no patches. You need to manually harden ntp.conf. It is impossible to implement via patch.
Yeah, I noticed that after writing the message. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Andrey Borzenkov wrote:
В Fri, 07 Mar 2014 10:09:32 -0300 Cristian Rodríguez
пишет: El 07/03/14 10:01, Paul Neuwirth escribió:
Hallo, analyzing my network traffic i saw lot's of high volume connections from my ntpd to game servers.. googling arround (https://www.google.com/search?q=ntp+xbox+gameserver) i read about DDoS attacks using ntp. How to avoid my ntpd being used for that? installed ntp-4.2.6p5-9.3.1.x86_64 Thanks for help
You need to apply the relevant security updates.
There are no patches. You need to manually harden ntp.conf. It is impossible to implement via patch.
And if you're not running a public NTP service, blocking port 123 in the firewall ought to be sufficient. -- Per Jessen, Zürich (10.8°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (5)
-
Andrey Borzenkov
-
Cristian Rodríguez
-
Marcus Meissner
-
Paul Neuwirth
-
Per Jessen