[chrony-users] prevent amplification attack



Hi there

My network is monitored by shadowserver.org, and it reports for my chrony
instance that it may be used in amplification attacks because it responded to
"ntp mode 6 query READVAR". [1]

They suggest to test with 
	ntpq -c rv <my ntp server's ip>

but if I do so, I do get a timeout and no answer. I allow everyone to contact 
the ntp server (it's a pool server), but commands and queries should be 
restricted by default in chrony as I understand. The directive
	allow
is set in chrony.conf as a single word on its own line.

How can I properly test whether what shadowserver.org claims is true, and
how can I prevent chronyd from answering such queries, if it did?

Thank you for your comments.

Regards, Adrian.

[1] https://www.shadowserver.org/what-we-do/network-reporting/ntp-version-report/
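
One way to script the check asked about above, as an added example that is not part of the original message: it sends the same kind of request as `ntpq -c rv` (an NTP control message, mode 6, opcode READVAR, version 2) to a server you operate and reports whether a mode 6 reply came back and how large it was relative to the request. The function names, the IPv4-only socket and the 3 second timeout are assumptions of this example.

```python
import socket
import struct

READVAR = 2                          # mode 6 opcode "read variables"
HEADER = struct.Struct("!BBHHHHH")   # 12-byte NTP control message header

def build_readvar(seq=1):
    """Empty READVAR request: VN=2, mode=6, association id 0, no data."""
    return HEADER.pack((2 << 3) | 6, READVAR, seq, 0, 0, 0, 0)

def parse_control_reply(data, seq=1):
    """Return a dict for a mode 6 READVAR response to `seq`, else None."""
    if len(data) < HEADER.size:
        return None
    b0, b1, rseq, _status, _assoc, _offset, count = HEADER.unpack_from(data)
    # Must be mode 6, response bit set, same opcode and sequence number.
    if b0 & 0x07 != 6 or not b1 & 0x80 or b1 & 0x1F != READVAR or rseq != seq:
        return None
    payload = data[HEADER.size:HEADER.size + count]
    return {"error": bool(b1 & 0x40), "more": bool(b1 & 0x20),
            "payload": payload, "size": len(data)}

def probe(host, port=123, timeout=3.0, seq=1):
    """Send one READVAR over IPv4 and collect any mode 6 fragments."""
    request = build_readvar(seq)
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(request, (host, port))
        try:
            while True:
                data, _ = s.recvfrom(4096)
                reply = parse_control_reply(data, seq)
                if reply:
                    replies.append(reply)
                    if not reply["more"]:   # last fragment received
                        break
        except socket.timeout:
            pass                            # silence: no mode 6 answer
    received = sum(r["size"] for r in replies)
    # ratio > 1 means the server returned more bytes than it was sent
    return {"answered": bool(replies), "bytes": received,
            "ratio": received / len(request)}
```

Run `probe("<my ntp server's ip>")` from a host outside the server's own network, so the result reflects what an external scanner would see.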
