2014-02-04 10:59 AM
Our filers are being used as part of a large-scale NTP reflection attack. I can find no documentation on how to turn off monlist queries.
Anyone here have any ideas?
2014-02-04 11:59 AM
Are you seeing UDP traffic with a source port of 123 leaving your network to go to the internet? If so, configure an access control list on your network egress to disallow that.
2014-02-12 04:27 PM
If you can create an internal NTP server (or two), it's best practice to use a few strategically placed internal NTP servers and point the rest of your infrastructure there. You can then disable monlist on your external-facing NTP servers; it is easy in the Unix NTP server.
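For the Unix ntpd case mentioned in the reply above, here is an added example (not part of the thread or any poster's code) that audits an `ntp.conf` for monlist exposure. The function name `audit_ntp_conf` and the sample configurations are constructed for illustration; the check assumes ntpd's documented defaults and looks only at `restrict default` entries, not at per-network overrides.

```python
QUERY_BLOCKERS = {"noquery", "ignore"}

def audit_ntp_conf(text):
    """Report whether this ntp.conf leaves mode 7 monlist answerable."""
    monitor_disabled = False                 # ntpd enables monitoring by default
    limited_seen = False
    blocked = {"4": False, "6": False}       # default restriction per family
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].lower().split()
        if not tokens:
            continue
        keyword, args = tokens[0], tokens[1:]
        if keyword in ("disable", "enable") and "monitor" in args:
            monitor_disabled = keyword == "disable"
        elif keyword == "restrict":
            # "limited" keeps the monitoring list active even with
            # "disable monitor", because rate limiting depends on it.
            limited_seen = limited_seen or "limited" in args
            families = [f for f in ("4", "6") if "-" + f in args] or ["4", "6"]
            rest = [a for a in args if a not in ("-4", "-6")]
            if rest and rest[0] == "default":
                for fam in families:
                    blocked[fam] = bool(QUERY_BLOCKERS & set(rest[1:]))
    monitoring_active = limited_seen or not monitor_disabled
    queries_blocked = all(blocked.values())
    return {
        "monitoring_active": monitoring_active,
        "default_queries_blocked": queries_blocked,
        "monlist_exposed": monitoring_active and not queries_blocked,
    }

# Constructed sample configurations (not taken from the thread).
WEAK = """
server ntp1.example.internal iburst
restrict 127.0.0.1
"""
HARDENED = """
disable monitor
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""
LIMITED = """
disable monitor              # undone by the "limited" flag below
restrict default limited kod nomodify notrap nopeer
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED), ("limited", LIMITED)):
        print(name, audit_ntp_conf(conf))
```

The `LIMITED` case shows why `disable monitor` alone is not enough to rely on: pairing it with `noquery` on the default restriction closes the query path regardless of the monitoring state.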
2014-02-13 07:44 AM
Paraphrased from my support case:
Due to the way ONTAP works, there is no ntp.conf file and so the fix will have to be an ONTAP patch.
As a workaround either disable NTP until a fix is released, or block port 123/udp with a firewall.