Sysadmins rejoice! Patch rampage killing off nasty DDoS attack vector

Sysadmins rejoice! NSFOCUS researchers say hundreds of thousands of Network Time Protocol (NTP) servers have been patched, reducing the threat from some devastating and cheap distributed denial of service (DDoS) attacks. The patching rampage saw the number of vulnerable NTP servers drop from 432,120 at the start of the year to …

COMMENTS

This topic is closed for new posts.
  1. Cipher

    Regarding the patch...

    ...it's about time!

    1. ecarlseen

      Re: Regarding the patch...

      "Regarding the patch...

      ...it's about time!"

      ^^^ I see what you did there.

  2. Anonymous Coward

    I certainly would have appreciated reading that they had already contacted the rest of the administrators to make sure they knew that they were still vulnerable.

    1. Cipher

      "I certainly would have appreciated reading that they had already contacted the rest of the administrators to make sure they knew that they were still vulnerable."

      Not to put too fine a point on it, but isn't keeping up with such matters for oneself part of the sysadmin's job description?

      1. Nate Amsden

        some may not even know

        that they have an NTP server running.

        Me, for example: I was not aware that the IPMI interface of my Supermicro server at a co-lo had an NTP server running (I knew it had an NTP client). My ISP notified me a few months ago that the IPMI interface participated in a DDoS attack, and I shut off the NTP client (and thus the server, apparently, which surprised me).

        It is a standalone server, so there is no firewall or anything protecting it. It is a personal server, not a business thing.

        Then last week I kicked my IPMI interface offline by upgrading the firmware to fix that security problem (a problem I could not even tell if it impacted me; the advisory was too vague and there was no changelog information in the firmware update). So some day I'll have to drive out on site again and re-IP the interface. Love that Supermicro..... (not for business)

    2. foxyshadis

      How do you suppose they do that? Subpoena ISPs for the names of their customers? Not every public-facing server has a public domain name; some are just badly misconfigured.

  3. Servman

    My public NTP servers got hit by this last fall, which made for an interesting afternoon here. Once I figured out the cause, a quick adjustment to the ntp.conf file shut it right down.

    I'm just glad I had a protocol analyzer to help me figure it out.

  4. ecarlseen

    Or they could just run OpenNTPD and not worry about it.
