NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.Notes:
ntp-4.2.8p15was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Please see the NTP Security Notice for vulnerability and mitigation details.Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
$ date; nmap -p 123 ntp.undeadarmy.com Thu Nov 22 09:15:51 CST 2012 Starting Nmap 5.00 ( https://nmap.org ) at 2012-11-22 09:15 CST Interesting ports on 18.104.22.168.host.nwnx.net (22.214.171.124): PORT STATE SERVICE 123/tcp closed ntp Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds
|ServerLocation||Linode, Net Access Corporation (NAC), Newark, NJ, US|
|ServerSynchronization||Various stratum 1/2 servers. Gentoo, Linux/2.6.32, NTP/4.2.4p7|
|ServerContact||Dustin Heimerl (firstname.lastname@example.org)|