What's going on with NTP?

I have two FreeBSD servers where the NTP daemons are using double digit CPU
percentages today rather than the usual 0.01%. Restarting them didn't help.

The clock on my Android phone is five hours slow. (It's not the time zone,
I checked that.)

Is this just my special Christmas present, or are there screwed up NTP servers?

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

I suspect your servers are being attacked. Are you seeing a lot of in/out NTP traffic on those FreeBSD servers?

-jav

There have been a lot of NTP reflection attacks recently. Think the same as DNS amplification.

Make sure you restrict access and know how to look at the client list.

Jared Mauch

you probably need to configure them correctly with:

restrict default ignore

and add additional restrict lines if you have need for other legitimate
servers to make contact with them. i suspect right now you're providing
an ntp amplification attack to the spoofed source address.

-david
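
To illustrate the restrict advice in the message above, here is an added example (not code from anyone in this thread): a small Python check that reads the restrict lines of an ntp.conf, reports any default policy that still answers arbitrary sources, and lists the explicit exceptions to review. The sample configuration and the 192.0.2.10 upstream are constructed; the flags used (ignore, noquery, noserve) are standard ntpd restrict flags.

```python
SAMPLE_CONF = """\
# constructed sample, not taken from the thread
server 0.freebsd.pool.ntp.org iburst
restrict default ignore
restrict -6 default ignore
restrict 127.0.0.1
restrict 192.0.2.10 nomodify notrap noquery   # hypothetical upstream server
"""

def parse_restricts(conf_text):
    """Return (family, target, flags) per restrict line; family is -4, -6 or 'any'."""
    rules = []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop trailing comments
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        args, family = tok[1:], "any"
        if args[0] in ("-4", "-6"):
            family, args = args[0], args[1:]
        if not args:
            continue
        target, flags = args[0], args[1:]
        if len(flags) >= 2 and flags[0] == "mask":  # "restrict net mask m flags..."
            target, flags = f"{target} mask {flags[1]}", flags[2:]
        rules.append((family, target, set(flags)))
    return rules

def audit(conf_text):
    """Flag default policies that still answer strangers; list explicit exceptions."""
    rules = parse_restricts(conf_text)
    findings, exceptions = [], []
    if not any(target == "default" for _, target, _ in rules):
        findings.append("no 'restrict default' line: every source address is served")
    for family, target, flags in rules:
        if "ignore" in flags:
            continue                                # all packets dropped for this entry
        if target != "default":
            exceptions.append(target)               # allowed past the default: review each
            continue
        allowed = []
        if "noserve" not in flags:
            allowed.append("time requests")
        if "noquery" not in flags:
            allowed.append("ntpq/ntpdc queries")
        if allowed:
            findings.append(f"default ({family}) still allows {' and '.join(allowed)} from anyone")
    return {"findings": findings, "exceptions": exceptions}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```
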

https://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html
https://www.team-cymru.org/ReadingRoom/Templates/secure-endrun-template.html

The old NTP server in FreeBSD has a bug that allows it to be used for reflection
DoS attacks:

http://lists.freebsd.org/pipermail/freebsd-current/2013-November/046822.html

Regards,

Olivier