The `monlist` command against NTP servers is being used to launch DDOS attacks.
1 May 2014 • 2 min readntp linux esxi
ESXi 4.1 contains a vulnerability that can be used to create an amplification attack using the molist command in NTP.
If you’re using that version, you can mitigate the issue by editing
/etc/ntp.conf and adding
nopeer to the restrict line
restrict default kod nomodify notrap noquery nopeer restrict 127.0.0.1 driftfile /etc/ntp.drift
Once done, restart NTP with
bodged with ♥ in NCL, AMS, NAP, NYC, BOS and LDN