topic Re: How can you restrict NTP queries and prevent NTP reflection attacks? in ONTAP Discussions https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21378#M5034 <HTML><HEAD></HEAD><BODY><P style="font-weight: inherit; font-style: inherit; font-family: inherit;">Paraphrased from my support case,</P><P></P><P style="font-weight: inherit; font-style: inherit; font-family: inherit;"><SPAN style="font-weight: inherit; font-style: inherit; font-family: Calibri, sans-serif;">Due to the way ONTAP works, there is no ntp.conf file and so the fix will have to be an ONTAP patch. <BR /></SPAN><A class="jive-link-external-small" href="http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&amp;Display=787469" style="font-weight: inherit; font-style: inherit; font-family: inherit; color: #009fda;" target="_blank">http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&amp;Display=787469</A></P><P style="font-weight: inherit; font-style: inherit; font-family: inherit;"><SPAN style="font-weight: inherit; font-style: inherit; font-family: Calibri, sans-serif;">As a workaround either disable NTP until a fix is released, or block port 123/udp with a&nbsp; firewall.</SPAN></P></BODY></HTML> Thu, 13 Feb 2014 15:44:53 GMT spenticoff 2014-02-13T15:44:53Z How can you restrict NTP queries and prevent NTP reflection attacks? https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21357#M5019 <HTML><HEAD></HEAD><BODY><P><A href="http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks" title="http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks" target="_blank">http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks</A></P><P><A href="https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300" title="https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300" target="_blank">https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300</A></P><P></P><P>Our filers are being used as part of a large scale NTP reflection attack, I can find no documentation on how to turn off monlist queries.<BR />Any one here have any ideas? </P></BODY></HTML> Thu, 05 Jun 2025 05:44:07 GMT https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21357#M5019 spenticoff 2025-06-05T05:44:07Z Re: How can you restrict NTP queries and prevent NTP reflection attacks? https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21362#M5022 <HTML><HEAD></HEAD><BODY><P>Are you seeing UDP traffic with a source port of 123 leaving your network to go to the internet? If so, configure an access control list on your network egress to disallow that. </P></BODY></HTML> Tue, 04 Feb 2014 19:59:20 GMT https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21362#M5022 ostiguy 2014-02-04T19:59:20Z Re: How can you restrict NTP queries and prevent NTP reflection attacks? https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21369#M5026 <HTML><HEAD></HEAD><BODY><P>We don't operate the firewall, and that is a viable option, I was just looking for a netapp specific solution so I don't have to escalate.</P></BODY></HTML> Tue, 04 Feb 2014 21:28:34 GMT https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21369#M5026 spenticoff 2014-02-04T21:28:34Z Re: How can you restrict NTP queries and prevent NTP reflection attacks? https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21374#M5030 <HTML><HEAD></HEAD><BODY><P>If you can create an internal NTP server (or two) it's best practice to use a few strategically placed internal NTP servers and point the rest of your infrastructure to there. You can then disable monlist on your external-facing NTP servers, it is easy in the Unix NTP server.</P></BODY></HTML> Thu, 13 Feb 2014 00:27:01 GMT https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21374#M5030 WSANDERSATFLEXERA 2014-02-13T00:27:01Z Re: How can you restrict NTP queries and prevent NTP reflection attacks? https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21378#M5034 <HTML><HEAD></HEAD><BODY><P style="font-weight: inherit; font-style: inherit; font-family: inherit;">Paraphrased from my support case,</P><P></P><P style="font-weight: inherit; font-style: inherit; font-family: inherit;"><SPAN style="font-weight: inherit; font-style: inherit; font-family: Calibri, sans-serif;">Due to the way ONTAP works, there is no ntp.conf file and so the fix will have to be an ONTAP patch. <BR /></SPAN><A class="jive-link-external-small" href="http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&amp;Display=787469" style="font-weight: inherit; font-style: inherit; font-family: inherit; color: #009fda;" target="_blank">http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&amp;Display=787469</A></P><P style="font-weight: inherit; font-style: inherit; font-family: inherit;"><SPAN style="font-weight: inherit; font-style: inherit; font-family: Calibri, sans-serif;">As a workaround either disable NTP until a fix is released, or block port 123/udp with a&nbsp; firewall.</SPAN></P></BODY></HTML> Thu, 13 Feb 2014 15:44:53 GMT https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21378#M5034 spenticoff 2014-02-13T15:44:53Z Re: How can you restrict NTP queries and prevent NTP reflection attacks? https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21386#M5038 <HTML><HEAD></HEAD><BODY><P>We just received notification of Technical Support Bulletin - KB 7010104.&nbsp; For cDOT the good news is there is a firewall in ONTAP.</P></BODY></HTML> Thu, 13 Feb 2014 21:20:58 GMT https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21386#M5038 scottgelb 2014-02-13T21:20:58Z Re: How can you restrict NTP queries and prevent NTP reflection attacks? https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21389#M5040 <HTML><HEAD></HEAD><BODY><P>can you link to this bulletin?</P><P>I'm still in 7 mode but this is good news.</P></BODY></HTML> Fri, 14 Feb 2014 18:17:37 GMT https://community.netapp.com/t5/ONTAP-Discussions/How-can-you-restrict-NTP-queries-and-prevent-NTP-reflection-attacks/m-p/21389#M5040 spenticoff 2014-02-14T18:17:37Z