
VMware ESXi 4.1 and NTP attacks

Hello,
In brief: we received an abuse notification from Hetzner saying that IP address such-and-such was involved in an attack,
and were surprised to find that the address belonged to a VMware ESXi 4.1 host.

The letter stated clearly that the culprit was NTP.


And indeed, ESXi promptly answered queries from the ntpq utility:

ntpq --peers myesxi.example.com
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 nsx.customer    192.0.2.1        2 u 1024   64    1    9.057  1015598   0.001

Of course, I was surprised, since I had not expected ESXi to run in NTP server mode.

To fix it, simply add the following line to /etc/ntp.conf:

restrict default ignore

and restart the NTP service.
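A fuller /etc/ntp.conf for this fix, as an added example that is not from the post: on its own, "restrict default ignore" also drops the replies coming back from the host's own upstream time server, so that server has to be allowed explicitly. The upstream address 192.0.2.10 is a placeholder.

```conf
# /etc/ntp.conf on the ESXi 4.1 host (added example; upstream address is a placeholder)
server 192.0.2.10 iburst

# Default policy from the post: ignore every packet from any address that is
# not allowed below, so the host no longer answers time or mode 6/7 queries
# from the Internet and cannot be used as an amplifier.
restrict default ignore

# Accept replies from the configured upstream, but do not let it query or
# reconfigure this daemon.
restrict 192.0.2.10 nomodify notrap noquery

# Keep local status queries (ntpq -p run on the host itself) working.
restrict 127.0.0.1
```

After restarting the service, "ntpq -p" on the host itself should still show the upstream peer reaching sync, while the same query from another machine gets no answer.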

The essence of the attack is the same as DNS amplification:
the NTP request is sent with the victim's spoofed address as its source,
so all the replies go to the victim and saturate its link.

With ESXi 5.1 the problem does not occur, thanks to the built-in firewall.

Source: https://habr.com/ru/post/208152/

