Recently I heard a possible plan from a group of blackhat crackers about utilizing vulnerable NTP servers from the Pool to launch a Reflection DDoS attack. Even if it’s not going to happen, or the attack is not feasible, I think it’s the right time for every NTP server operator to fix and upgrade vulnerable servers. Please notify every NTP operator you know and let them be aware of the (old) issue.
TLDR. upgrade NTP and use
restrict default kod limited nomodify notrap nopeer noquery restrict -6 default kod limited nomodify notrap nopeer noquery
@Ask, could we integrate misconfiguration detection into the monitoring system? For example show a warning message for servers with public query. This can dramatically raise awareness of the issue.