https://community.mcafee.com/thread/64073

Hi Guys,

in Germany actually there are a lot of NTP DoS attacks running.

If you NTP Server on the Sidewinder is reachable from external, please add these line to you ntp.conf.<burbnumber or zonename of external zone>: (/secureos/etc/ntp/ntp.conf.external)

restrict default kod nomodify notrap nopeer noquery

restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.0 mask 255.0.0.0

restrict -6 ::1

Save and restart the ntp daemon. cf daemond restart agent=ntp

Attention: After a Firewall reboot or a GUI change of the NTP Settings, these line are gone!

@McAfee

Maybe you can publish a NTP-Patch for the Sidewinder Firewall.

More Information:

https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks

regards

Sebastian