Solving an NTP-based DDoS attack on CentOS

Source: Internet
Author: User
Tags: iptables, aliyun

Introduction: A Linux server exposed on the Internet is a powerful tool, but it is also a target for attack. This article describes an NTP-related attack encountered in practice and the corresponding solution.

1. Scenario

An ECS instance on Aliyun raised frequent alarms over a period of time: the traffic was too high, the instance was under a DDoS attack, and the service would be isolated and stop responding for a period of time until the traffic was cleaned. In short, the service was knocked offline by the DDoS and was unavailable.

2. Analysis

The packet capture (.cap) file was obtained by submitting a support ticket. Opening it shows a large amount of NTP traffic:

	0.000140	188.162.1.140	115.29.44.161	NTP	482	NTP Version 2, private

After looking up ports and processes, the heavy resource consumption was traced to connection requests on port 123, and port 123 is the port of the NTP service. It was therefore largely determined that the cause was repeated requests to the NTP service from outside.
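As an added example (not part of the original article), the following Python script parses capture lines in the same tab-separated layout as the excerpt above and flags source/destination pairs that exchange many "NTP Version 2, private" (mode 7) packets, which normal time synchronisation never uses. The sample lines and addresses are constructed for the example.

```python
"""Flag NTP mode 7 ("private") traffic in a tshark-style text capture."""
import re
from collections import Counter

# Constructed sample lines in the same tab-separated layout as the capture
# excerpt: time, source, destination, protocol, frame length, info.
SAMPLE_CAPTURE = """\
0.000140\t188.162.1.140\t115.29.44.161\tNTP\t482\tNTP Version 2, private
0.000312\t188.162.1.140\t115.29.44.161\tNTP\t482\tNTP Version 2, private
0.000488\t188.162.1.140\t115.29.44.161\tNTP\t482\tNTP Version 2, private
0.001002\t115.29.44.161\t10.0.0.5\tNTP\t90\tNTP Version 4, client
0.001211\t10.0.0.5\t115.29.44.161\tNTP\t90\tNTP Version 4, server
0.002050\t203.0.113.7\t115.29.44.161\tNTP\t482\tNTP Version 2, private
"""

# Mode 7 "private" packets carry monlist-style control queries and replies;
# ordinary client/server time synchronisation never uses them.
PRIVATE_RE = re.compile(r"NTP Version \d+, private")


def parse_capture(text):
    """Turn tab-separated capture lines into dicts, keeping only NTP frames."""
    records = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 6 or fields[3] != "NTP":
            continue
        ts, src, dst, _proto, length, info = fields[:6]
        records.append({"ts": float(ts), "src": src, "dst": dst,
                        "len": int(length), "info": info})
    return records


def summarize_private(records):
    """Count mode 7 packets and bytes per (source, destination) pair."""
    packets, nbytes = Counter(), Counter()
    for r in records:
        if PRIVATE_RE.search(r["info"]):
            packets[(r["src"], r["dst"])] += 1
            nbytes[(r["src"], r["dst"])] += r["len"]
    return packets, nbytes


def flag_reflection(records, min_packets=3):
    """Return (source, destination) pairs whose mode 7 traffic reaches the threshold."""
    packets, _ = summarize_private(records)
    return sorted(pair for pair, n in packets.items() if n >= min_packets)
```

Any pair returned by flag_reflection is a candidate for the iptables restriction on UDP 123 and the "disable monitor" setting described in section 4.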

3. What is NTP?

Network Time Protocol (NTP) is a protocol used to synchronize computer clocks. It allows a computer to synchronize with its servers or with clock sources (such as quartz clocks, GPS, etc.). It provides high-precision time correction (within 1 millisecond on a LAN and dozens of milliseconds on a WAN) and can use cryptographic authentication to prevent malicious protocol attacks. Time is propagated hierarchically between NTP servers: all servers are grouped into different strata (layers) according to their distance from the external UTC source.

Reference: http://baike.baidu.com/link?url=y5y33eP0oLaSRg6pPMGDM6i-KPDxHwAQuHh84SAn_ jbayzswquet2fwsadurmn3uu7meva-zcib6wcdcrqsa8k

4. How to solve it:

Server behavior:

Because a service on the machine is improperly configured, attackers can use it to launch DDoS attacks; the machine's outbound bandwidth is saturated, and a packet capture tool shows a large number of outgoing packets from the same source port.

Linux system:

Hardening the NTP service:

1. Use iptables to allow only trusted IPs to access local UDP port 123. Then modify the configuration file by running echo "disable monitor" >> /etc/ntp.conf, and restart the NTP service with service ntpd restart.

2. Alternatively, it is recommended that you shut down the NTP service directly: run service ntpd stop, and prevent it from starting at boot with chkconfig ntpd off.

Hardening the Chargen service:

1. Use iptables to allow only trusted IPs to access local UDP port 19.

2. Alternatively, it is recommended that you close the Chargen service directly: edit the configuration file "/etc/inetd.conf", comment out the chargen service with #, and restart inetd.

Windows system:

Hardening Simple TCP/IP Services:

1. Use the firewall configuration to allow only trusted IPs to access local UDP and TCP ports 19 and 17.

2. It is recommended that you turn off the service directly, as shown in the following diagram, and prevent it from starting.

Hardening for web applications:

WordPress Pingback:

1. You can add a WordPress plugin to prevent Pingback from being exploited by adding the following filter:

	<?php
	// Remove the pingback.ping XML-RPC method so the site cannot be used for pingback reflection.
	add_filter('xmlrpc_methods', function ($methods) {
	    unset($methods['pingback.ping']);
	    return $methods;
	});

2. Alternatively, it is recommended that you delete the file xmlrpc.php directly.

5. Reference: https://help.aliyun.com/knowledge_detail/37527.html
