NTP BUG 1532: DRDoS/Amplification Attack using ntpdc monlist command
Last update: June 28, 2022 20:06 UTC (57417e17c)
||24 Apr 2010
||All releases prior to 4.2.7p26.
||Resolved in 4.2.7p26.
Unrestricted access to the
monlist feature in
ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged
REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
- Upgrade to 4.2.7p26 or later.
- Users of versions before 4.2.7p26 should either:
noquery in your default restrictions to block all status queries.
disable monitor to disable the
ntpdc -c monlist command while still allowing other status queries.