On Friday, February 14, 2014 03:01:27 AM Jared Mauch wrote:
> I would actually like to ask for those folks to un-block NTP so there is proper data on the number of hosts for those researching this. The right thing to do is reconfigure them. I've seen a good trend line in NTP servers being fixed, and hope we will see more of that in the next few weeks.

Depending on your OS, the fixes can be quite simple or interesting.

On my FreeBSD servers, simply updating with "freebsd-update" was enough to fix the issue (in addition to limiting who/what can access the service).

On Cisco devices, the ACLs you can attach to the NTP process are quite effective.

On Juniper devices, it is less intuitive, and even though NTP is enabled only as a client, it, sadly, runs the server as well. A firewall filter helps here when applied correctly.

Can't speak to other OSes.

Mark.