SLES 11 server generating a lot of traffic and responding sluggish - NTP Reflection
This document (7014543) is provided subject to the disclaimer at the end of this document.
Here is the syntax: restrict address[mask mask]
For example: If you want to restrict access from the 10.0.0.0/8 subnet you would add the following line:
restrict 10.0.0.0 255.0.0.0 noquery
If you want to completely harden
NTP, use the following lines: (This is
the recommended solution)
restrict -4 default kod nomodify
notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
This will not affect Time Synchronization.
For example a LAN trace taken on the sluggish server might show a lot of NTP traffic with one or more remote clients sending NTP requests with code:
This will cause NTP on the server to send a lot of data back to the clients.
If this is done multiple times a second, from one or more devices, it can cause the NTP daemon to use excessive amounts up CPU cycles.
See Security issues with NTP at: http://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html
VUL-0: CVE-2013-5211 is the specific issue described above.
Using the restrict -4 default kod nomodify notrap nopeer noquery and restrict -6 default kod nomodify notrap nopeer noquery configuration options hardens NTP against other security issues mentioned at the link above.
There is a lot of information out there on these issues. Here are a few examples:
NTP version 4.2.7 addresses these issues but it is still marked as Development.
As of the creation of this document the latest "Stable" or "Production" code is being shipped.
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7014543
- Creation Date: 11-Feb-2014
- Modified Date:28-Sep-2022
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com