Securing NTP


Following on from DNS amplification DDoS attacks, NTP services are now being used for amplification DDoS attacks that reflect traffic against other networks.

There are two major issues: "Monlist" and "Readvar".

Below are some basic steps to reduce the effectiveness of these kinds of attacks by locking down the default restrictions within the configuration.

You can read up further on this at the below URLs.

Within ntpd on *nix

To resolve most issues, add the following to /etc/ntp.conf (this should resolve both the monlist and readvar issues).

restrict default ignore
disable monitor
disable bclient

Then restart the ntpd service (or ntp on some OSes).

To test that this has worked, you can use the following queries from a remote Linux machine:


ntpq -c rv [ip]


ntpdc -n -c monlist [ip]

Expect a "connect timeout" error if you have successfully secured the NTP service.
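
The following is an added example, not part of the original article: a shell function that checks an ntp.conf for the three directives above and, going slightly beyond the article, flags upstream servers whose replies "restrict default ignore" would also drop because they have no restrict entry of their own. The function name audit_ntp_conf, the finding strings and the 192.0.2.x addresses are assumptions made for illustration; addresses are matched literally, so treat the upstream check as a heuristic.

```shell
#!/bin/sh
# Added example (not from the article): audit an ntp.conf for the directives above.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                                   # strip comments
    NF == 0 { next }
    # "restrict -4 default ..." / "restrict -6 default ...": drop the family flag
    $1 == "restrict" && $2 ~ /^-[46]$/ { $2 = ""; $0 = $0 }
    $1 == "restrict" && $2 == "default" {
        for (i = 3; i <= NF; i++) if ($i == "ignore") deny = 1
        next
    }
    # "restrict source" (newer ntpd releases) covers configured servers
    $1 == "restrict" && $2 == "source" { source = 1; next }
    $1 == "restrict" { allowed[$2] = 1; next }
    # enable/disable accept several flags per line; the last mention wins
    $1 == "disable" { for (i = 2; i <= NF; i++) off[$i] = 1 }
    $1 == "enable"  { for (i = 2; i <= NF; i++) delete off[$i] }
    $1 == "server" || $1 == "pool" { upstream[$2] = 1 }
    END {
        if (!deny) { print "MISSING restrict default ignore"; bad = 1 }
        if (!("monitor" in off)) { print "MISSING disable monitor"; bad = 1 }
        if (!("bclient" in off)) { print "MISSING disable bclient"; bad = 1 }
        # With a default of ignore, replies from an upstream that has no
        # restrict entry of its own are dropped too, so the clock never syncs.
        if (deny && !source)
            for (s in upstream) if (!(s in allowed)) {
                print "BLOCKED upstream " s " has no restrict entry"; bad = 1
            }
        exit bad + 0
    }' "${1:--}"
}

# Constructed sample: hardened as in the article, second upstream unlisted.
audit_ntp_conf - <<'EOF' || true
restrict default ignore
restrict 192.0.2.10 nomodify notrap noquery
disable monitor bclient
server 192.0.2.10 iburst
server 192.0.2.11 iburst
EOF
```

Run it as audit_ntp_conf /etc/ntp.conf before restarting the service; an empty result with exit status 0 means all three directives are present and every listed upstream has a restrict entry.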
