On 13 Jan 2014, at 21:13 , Derek Andrew <derek.and...@usask.ca> wrote:
> nmap -sU -pU:123 -Pn -n --script=ntp-monlist serverIP Make that “all server IPs” if on different subnets, address families, ... > On Mon, Jan 13, 2014 at 3:07 PM, Jared Mauch <ja...@puck.nether.net> wrote: > >> 4) Please prevent packet spoofing where possible on your network. This >> will limit the impact of spoofed NTP or DNS (amongst others) packets from >> impacting the broader community. BCP38! I am always surprised when people need crypto if they fail the simple things. >> 5) Some vendors don’t have an easy way to alter the ntp configuration, or >> have not or won’t be updating NTP, you may need to use ACLs, firewall >> filters, or other methods to block this traffic. I’ve heard of many >> routers being used in attacks impacting the CPU usage. >> >> Take a moment and see if your devices respond to the following >> query/queries: >> >> ntpdc -n -c monlist 10.0.0.1 >> ntpdc -n -c loopinfo 10.0.0.1 >> ntpdc -n -c iostats 10.0.0.1 And no matter if you use the above nmap or these instructions to check, also check your IPv6 addresses! You need 'restrict -6 default ignore' lines or similar as well, not just a restrict default ignore. — Bjoern A. Zeeb ????????? ??? ??????? ??????: '??? ??? ???? ?????? ??????? ?? ?? ??????? ??????? ??? ????? ????? ???? ?????? ?? ????? ????', ????????? ?????????, "??? ????? ?? ?????", ?.???