No more Amplification Attack

For God's sake, please disable "monitor" if you operate publicly accessible NTP servers.

By the way, if monitor can be removed from the latest patches of NTP daemon, I see hope of disallowing "ANY" query in resolvers in coming patches.  All name query should be specific.   If you want to do mail exchange, ask for MX followed by A record.  If you want to know the authoritative name server of a domain name, ask for NS.  These days, "ANY" would not serve any purpose except network attacks.

No comments: