NTP Reflection Attack

In order to avoid NTP reflection attack , you need to disable the monlist command support or this can also be fixed by updating NTP to 4.2.7

vi /etc/ntp.conf

restrict -4 default nomodify nopeer noquery notrap
restrict -6 default nomodify nopeer noquery notrap
# allow NTP messages from the loopback address, useful for debugging
restrict 127.0.0.1
restrict ::1
# server(s) we time sync to
server pool.ntp.org
driftfile /etc/ntp.drift

You may also like...