Comment 3 for bug 1524750
Revision history for this message
| Andres Toomsalu (andres-active) wrote | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
demo site
(Get the code!)
We just have been hit with the problem that open NTP UDP port 123 tied with public IP (from the vrouter namespace on CTRL node, Fuel 7.0) was exploited for participating in large-scale attack, generating UDP responses to spoofed "monlist" requests that claimed to be from the attack target.
Quick alternative workaround for this particular NTP exploit was (if not introducing additional/external firewall):
"disabling the monitoring function by adding "disable monitor" to your /etc/ntp.conf file; OR alternately upgrading to the latest version, which removes the "monlist" command that is used for these attacks. "