Re: [nznog] NTP reflection used for world's largest DDoS

On Feb 11, 2014, at 11:34 AM, Michael Fincham wrote:

Before Roland appears and mentions it, try and avoid putting a stateful firewall in front of stuff :)

Naming calls. ;> Also, it's not just monlist which can be abused, but various level-6/level-7 commands such as monlist, sysstats, showpeer, peers, listpeers, et. al. They should all be disallowed on public interfaces of boxen running various ntpds. ----------------------------------------------------------------------- Roland Dobbins // http://www.arbornetworks.com Luck is the residue of opportunity and design. -- John Milton