# ntpd is broken, maxes out connection breaking other services



## Yvan (Dec 31, 2013)

The title says it. This started happening a week or two ago. All my services such as imapd, smtpd, httpd started timing out. A large number of packets were being dropped. *See image.*

ntpd.conf is stock, except for:

```
server 0.CA.pool.ntp.org iburst maxpoll 9
server 1.CA.pool.ntp.org iburst maxpoll 9
server 2.CA.pool.ntp.org iburst maxpoll 9
```


```
# ntpd --version
ntpd - NTP daemon program - Ver. 4.2.4p8

#uname -v
FreeBSD 9.0-RELEASE-p3 #0: Tue Jun 12 01:47:53 UTC 2012     root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
```




Any ideas?


----------



## worldi (Dec 31, 2013)

*Re: ntpd is broken, maxes out connection breaking other serv*

A similar problem was described on a German BSD forum recently [1]. The OP suggested this might be an NTP DoS reflection attack [2,3].

[1] http://www.bsdforen.de/threads/tcpdump- ... agt.30632/
[2]  http://isc.sans.org/diary/NTP+reflection+attack/17300
[3] http://seclists.org/oss-sec/2013/q4/567


----------

