Hi, has anyone else noticed that the ntpd version / configuration on
the 4.0.1 HP3 appliance is vulnerable? We've found our AM vm under
attack this morning. Traffic was 40MB/sec with zero users on the
appliance. As soon as we shut off ntpd, the traffic went to zero.

I see that the most current version for ntp is 4.2.4p8-1.28.1 in the
NAM40-APP-Updates repo. I think that really needs to be moved up to the
latest 4.2.8....

After all, this is supposed to be a secure gateway... not an appliance to
execute remote DDoS attacks :-(
It being an appliance, I would expect the experts who put it together to
watch out for stuff like this.

I guess for now I will manually upgrade ntp to the latest.

Anyhow... just sharing the problem in case it helps someone out to
recover their bandwidth (and perhaps stop a few other DDoS attacks).


bczviin's Profile: https://forums.netiq.com/member.php?userid=6782