Mitigating NTP attacks against ESXi 4.1

The `monlist` command against NTP servers is being used to launch DDOS attacks.

1 May 2014 • 2 min read

ntp linux esxi

ESXi 4.1 contains a vulnerability that can be used to create an amplification attack using the molist command in NTP.

If you’re using that version, you can mitigate the issue by editing /etc/ntp.conf and adding noquery and nopeer to the restrict line 

restrict default kod nomodify notrap noquery nopeer
driftfile /etc/ntp.drift

Once done, restart NTP with /etc/init.d/ntpd restart

Published on 1 May 2014

ntp linux esxi

Other content you may be interested in....

WHM changed the way it handles backups in 11.38.

1 min read

whm backup

Sometimes you want to connect to a different set of upstream nodes from an NGINX load balancer.

3 min read

nginx load balancer

bodged with ♥ in NCL, AMS, NAP, NYC, BOS and LDN