# NTP vulnerability fix



## nanotek (Jan 17, 2014)

I'm just wondering what mitigation network administrators have implemented to prevent the `ntpdc monlist` query DRDoS attack [0]?

Is upgrading to NTP 4.2.7p26 or later the best solution? Disabling remote queries entirely, or simply disabling monitor queries [1]?

[0]
http://web.nvd.nist.gov/view/vuln/detai ... -2013-5211
http://support.ntp.org/bin/view/Main/Se ... tack_using

[1] /etc/ntp.conf mitigation:

```
# disable remote queries entirely
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1

# disable monitor queries
disable monitor
```
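An added example, not part of the original post or of ntpd itself: a small Python check that reads `ntp.conf` text and reports whether either mitigation from [1] is in effect. The function name `audit_ntp_conf` and the sample configs are constructed for illustration; it also flags the documented case where a `limited` restriction keeps monitoring active despite `disable monitor`, and it does not check `-4`/`-6` address-family coverage.

```python
# Constructed sample configs for illustration (not from a real host).
QUERY_BLOCKED = """\
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""
MONITOR_OFF_BUT_LIMITED = """\
restrict default kod limited nomodify notrap nopeer
disable monitor
"""

def audit_ntp_conf(text):
    """Return (mitigated, findings) for monlist exposure in ntp.conf text."""
    monitor_disabled, limited_lines, defaults, findings = False, [], [], []
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(tok) < 2:
            continue
        if tok[0] in ("disable", "enable") and "monitor" in tok[1:]:
            monitor_disabled = tok[0] == "disable"   # last directive wins
        elif tok[0] == "restrict":
            args = [t for t in tok[1:] if t not in ("-4", "-6")]
            flags = set(args[1:])
            if "limited" in flags:
                limited_lines.append(n)
            if args and args[0] == "default":
                defaults.append((n, flags))
    # Remote queries are refused only if every default entry says so.
    open_defaults = [n for n, f in defaults if not f & {"noquery", "ignore"}]
    noquery_ok = bool(defaults) and not open_defaults
    if not defaults:
        findings.append("no 'restrict default' line: queries allowed from anywhere")
    for n in open_defaults:
        findings.append(f"line {n}: 'restrict default' without noquery")
    # Per the ntp.conf documentation, any 'limited' restriction keeps the
    # monitoring facility active, so 'disable monitor' alone is not enough.
    monitor_ok = monitor_disabled and not limited_lines
    if monitor_disabled and limited_lines:
        findings.append(f"'disable monitor' overridden by 'limited' on line(s) {limited_lines}")
    if not monitor_disabled:
        findings.append("monitor facility enabled (ntpd default)")
    return (noquery_ok or monitor_ok), findings

if __name__ == "__main__":
    samples = {"QUERY_BLOCKED": QUERY_BLOCKED,
               "MONITOR_OFF_BUT_LIMITED": MONITOR_OFF_BUT_LIMITED}
    for name, conf in samples.items():
        ok, notes = audit_ntp_conf(conf)
        print(name, "mitigated" if ok else "EXPOSED", notes)
```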


----------



## chatwizrd (Jan 17, 2014)

Did you see http://www.freebsd.org/security/advisor ... 2.ntpd.asc


----------



## nanotek (Jan 18, 2014)

No, I didn't. Thanks for sharing, @chatwizrd. So, `freebsd-update` patches this vulnerability?


----------



## trh411 (Jan 18, 2014)

nanotek said:

> No, I didn't. Thanks for sharing, @chatwizrd. So, `freebsd-update` patches this vulnerability?


Yes. Per the advisory, that is one of the options.


----------



## nanotek (Jan 18, 2014)

Thanks. Good to see FreeBSD on top of things like this; it sort of kills my interest in running OpenBSD.


----------

