ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

How can you restrict NTP queries and prevent NTP reflection attacks?

spenticoff
‎2014-02-04 10:59 AM
29,444 Views

http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks

https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300

Our filers are being used as part of a large scale NTP reflection attack, I can find no documentation on how to turn off monlist queries.
Any one here have any ideas?

0 Kudos
View By:
1 ACCEPTED SOLUTION

spenticoff
‎2014-02-13 07:44 AM
29,444 Views

Paraphrased from my support case,

Due to the way ONTAP works, there is no ntp.conf file and so the fix will have to be an ONTAP patch.
http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=787469

As a workaround either disable NTP until a fix is released, or block port 123/udp with a  firewall.

View solution in original post

6 REPLIES 6

ostiguy
NetApp
‎2014-02-04 11:59 AM
29,444 Views

Are you seeing UDP traffic with a source port of 123 leaving your network to go to the internet? If so, configure an access control list on your network egress to disallow that.

spenticoff
‎2014-02-04 01:28 PM
In response to ostiguy
29,444 Views

We don't operate the firewall, and that is a viable option, I was just looking for a netapp specific solution so I don't have to escalate.

0 Kudos

WSANDERSATFLEXERA
‎2014-02-12 04:27 PM
In response to spenticoff
29,444 Views

If you can create an internal NTP server (or two) it's best practice to use a few strategically placed internal NTP servers and point the rest of your infrastructure to there. You can then disable monlist on your external-facing NTP servers, it is easy in the Unix NTP server.

0 Kudos

spenticoff
‎2014-02-13 07:44 AM
29,445 Views

Paraphrased from my support case,

Due to the way ONTAP works, there is no ntp.conf file and so the fix will have to be an ONTAP patch.
http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=787469

As a workaround either disable NTP until a fix is released, or block port 123/udp with a  firewall.

scottgelb
NetApp A-Team
‎2014-02-13 01:20 PM
In response to spenticoff
29,444 Views

We just received notification of Technical Support Bulletin - KB 7010104.  For cDOT the good news is there is a firewall in ONTAP.

0 Kudos

spenticoff
‎2014-02-14 10:17 AM
In response to scottgelb
29,444 Views

can you link to this bulletin?

I'm still in 7 mode but this is good news.

0 Kudos
Announcements
All Community Forums
Public