Martin wrote in to point to VU #568372. It contains a description of a vulnerability (CVE-2009-3563) in the ntpd.org reference implementation of ntpd, which will sound very familiar for any dog owner seeing his pet chase it's own tail. Basically all that's needed is a single spoofed packet to set of ntp daemons to start endlessly sending messages to themselves or to each-other.
Filtering in the short term is a possible workaround, but upgrading your ntp software to at least version 4.2.4p8 is a far better long term strategy.
Note that this software is often embedded in various devices and operating systems, so upgrading it might take a bit of effort in tracking it all down.
Dec 9th 2009
9 years ago