Sysadmins rejoice! NSFOCUS researchers say hundreds of thousands of Network Time Protocol (NTP) servers have been patched, reducing the threat from some devastating and cheap distributed denial of service (DDoS) attacks. The patching rampage saw the number of vulnerable NTP servers drop from 432,120 at the start of the year to …
Regarding the patch...
...its about time!
Re: Regarding the patch...
"Regarding the patch...
...its about time!"
^^^ I see what you did there.
I certainly would have appreciated reading that they had already contacted the rest of the administrators to make sure they knew that they were still vulnerable.
" I certainly would have appreciated reading that they had already contacted the rest of the administrators to make sure they knew that they were still vulnerable."
Not to put too fine a point on it, but isn't keeping up with such matters for one's self part of the sysadmin's job description?
How do you suppose they do that? Subpoena ISPs for the names of their customers? Not every public-facing server has a public domain name, some are just badly misconfigured.
some may not even know
that they have a NTP server running.
Me for example I was not aware that the IPMI interface of my supermicro server at a co-lo had a NTP server running (I knew it had a NTP client). My ISP notified me a few months ago that the IPMI interface participated in a DDOS attack and I shut off the NTP client (and thus server apparently which surprised me).
It is a standalone server, so there is no firewall or anything protecting it. It is a personal server, not a business thing.
Then last week I kicked my IPMI interface offline by upgrading the firmware to fix that security problem (a problem I could not even tell if impacted me the advisory was too vague and there was no changelog information in the firmware update). So some day I'll have to drive out on site again and re-ip the interface. Love that supermicro..... (not for business)
My public NTP servers got hit by this last fall which made for an interesting afternoon here. Once I figured out the cause a quick adjustment to the ntp.conf file shut it right down.
I'm just glad I had a protocol analyzer to help me figure it out.
Or they could just run OpenNTPD and not worry about it.
- Pics Whisper tracks its users. So we tracked down its LA office. This is what happened next
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
- Human spacecraft dodge COMET CHUNKS pelting off Mars
- Downrange Are you a gun owner? Let us in OR ELSE, say Blighty's top cops