Hey everyone,
I'm running an public NTP-server on a Debian-VPS as a contribution to the pool.ntp.org network I use a lot. But my provider complained repeatedly that my NTP server has been part of amplification attacks. I tried my best to research how such an attack works and how to harde the server against it, but it always seem to return. Does anyone have any tipps how to prevent such an attack vector?
I'm running ntpd v4.2.6p2 (Debian) and my ntp.conf looks like this:
driftfile /var/lib/ntp/ntp.drift statsdir /var/log/ntpstats/ driftfile /var/lib/ntp/ntp.drift statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable server ntp1.sf-bay.org iburst server louie.udel.edu iburst server ntp2.stsn.net iburst server ntp.probe-networks.de iburst restrict -4 default nomodify nopeer noquery notrap limited kod restrict -6 default nomodify nopeer noquery notrap limited kod restrict 127.0.0.1 restrict -6 ::1 disable monitor Thanks in advance for any help, as I don't want to stop providing a public server.
[link][37 comments]