
TimeTools

GPS NTP Network Time Servers and Time Synchronization Solutions


NTP Reflection Distributed Denial of Service (DDoS) Attacks

July 11, 2017 by Editorial Staff

Symantec, the computer security solutions company, has reported a large number of NTP reflection distributed denial of service (DDoS) attacks over the December 2013 Christmas period.

What is an NTP Reflection Attack?

In a reflection attack, the attacker sends a small packet with a forged source address to a server. The server answers with a much larger packet, which is delivered to the forged address: the target. In the case of NTP, attackers are targeting the ‘monlist’ function.

The monlist function can be used remotely to instruct an NTP server to send a list of the last 600 hosts that have contacted the server. This function potentially provides attackers with an ideal facility to carry out a DDoS attack because a small packet of information can redirect a large amount of traffic to a designated host.

By disabling the monlist function in your NTP server, you can protect yourself from being inadvertently involved in a DDoS attack by hackers.

Disabling the ‘Monlist’ Function

The monlist function can be disabled by specifying the ‘restrict’ function in the NTP configuration file. Log on to the SR-series configuration pages using a web browser and select the NTP button to go to the ‘NTP Configuration Menu’. Then select the ‘Edit NTP Configuration’ button to go to the ‘Edit Additional NTP Options’ page. In the line below, it is the noquery flag that makes the server refuse ntpq and ntpdc queries, which include monlist, while ordinary time requests are still answered. Enter the restrict function in the format below to disable the monlist function:

restrict default kod nomodify notrap nopeer noquery

When the restrict function has been added to the configuration file, save the file by clicking the ‘Save File’ button. The ‘NTP Configuration Menu’ will now be re-displayed. The NTP service now needs to be restarted for the changes to take effect by clicking the ‘Submit’ button.

Check the Log messages for any configuration errors to ensure that the command has been accepted by the NTP service and not mistyped. NTP only reports errors, so if there are no errors reported for the modified configuration, it will have been successfully accepted. However, if you see an error similar to the one below, check that you did not mistype the restrict configuration line in the NTP configuration file.

Jan 20 11:56:29 (none) daemon.err ntpd[1384]: configure: keyword "restrictt" unknown, line ignored

If no error is present in the log file, the monlist function should now be disabled. After restarting the NTP service, it will take 15 to 20 minutes for NTP to restart and re-synchronize itself to the configured reference clocks.
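The two checks described above (the default restrict line carries noquery, and ntpd did not discard a mistyped line) can be run offline against a saved copy of the configuration and log. This is an added example, not TimeTools code; the function names are hypothetical and the sample configuration and log text are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from a real device).
SAMPLE_CONF = """\
server 127.127.20.0
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer
restrict 127.0.0.1
restrictt 10.0.0.0 mask 255.0.0.0 noquery
"""
SAMPLE_LOG = """\
Jan 20 11:56:29 (none) daemon.err ntpd[1384]: configure: keyword "restrictt" unknown, line ignored
Jan 20 11:56:30 (none) daemon.info ntpd[1384]: constructed informational line
"""

def audit_restrict(conf_text):
    """Return (line_no, text) for each 'restrict default' entry that
    still answers ntpq/ntpdc queries (and therefore monlist)."""
    findings, seen_default = [], False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()        # drop comments
        if not tokens or tokens[0] != "restrict":
            continue                                  # typos land here too
        args = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if not args or args[0] != "default":
            continue                                  # host/subnet-specific entry
        seen_default = True
        # 'noquery' blocks queries; 'ignore' drops every packet.
        if not {"noquery", "ignore"} & set(args[1:]):
            findings.append((no, raw.strip()))
    if not seen_default:
        findings.append((0, "no 'restrict default' line present"))
    return findings

# \s+ also matches the log line when it is wrapped after "ntpd[pid]:".
IGNORED = re.compile(
    r'ntpd\[\d+\]:\s+configure: keyword "([^"]+)" unknown, line ignored')

def rejected_keywords(log_text):
    """Keywords ntpd reported as unknown, meaning the line was not applied."""
    return IGNORED.findall(log_text)

if __name__ == "__main__":
    for no, text in audit_restrict(SAMPLE_CONF):
        print(f"config line {no}: queries still allowed -> {text}")
    for kw in rejected_keywords(SAMPLE_LOG):
        print(f"ntpd ignored a line starting with {kw!r}")
```

A mistyped keyword never reaches the first check because ntpd drops the whole line, which is why the log scan is needed alongside the configuration audit.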

TimeTools is an ISO9001:2015 Registered Company

UK Sales: 01902 897400
International Sales: +44 1902 897400

Email: Sales@TimeToolsLtd.com

Copyright © 2021 TimeTools Limited. All Rights Reserved. All Trademarks Acknowledged.
