ntp 网络攻击与解决方法(3种)

1 数据分析

数据包分析

2 解决方法(脚本)

方法1：

将原有的ntp升级到ntp-4.2.8p10，就可以解决该问题

#! /bin/bash
mkdir -p /home/zyb/tools
cd /home/zyb/tools
#wget http://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p10.tar.gz
yum install gcc gcc-c++ openssl-devel libstdc++* libcap*
cp -ar /etc/ntp /etc/ntp.bak
cp /etc/ntp.conf /etc/ntp.conf.bak
cp /etc/init.d/ntpd /etc/init.d/ntpd.bak
cp /etc/sysconfig/ntpd /etc/sysconfig/ntpd.bak
cp /etc/sysconfig/ntpdate /etc/sysconfig/ntpdate.bak
yum erase ntp ntpdate -y
install -v -m710 -o ntp -g ntp -d /var/lib/ntp
tar -xf ntp-4.2.8p10.tar.gz
cd ntp-4.2.8p10
./configure --prefix=/usr --bindir=/usr/sbin --sysconfdir=/etc --enable-linuxcaps --with-lineeditlibs=readline --docdir=/usr/share/doc/ntp-4.2.8p9 --enable-all-clocks --enable-parse-clocks --enable-clockctl

make
make install

/bin/cp /etc/init.d/ntpd.bak /etc/init.d/ntpd
/bin/cp /etc/sysconfig/ntpd.bak /etc/sysconfig/ntpd
/bin/cp /etc/sysconfig/ntpdate.bak /etc/sysconfig/ntpdate
/bin/mv /etc/ntp.bak /etc/ntp
/bin/cp /etc/ntp.conf.bak /etc/ntp.conf
service ntpd start
ntpd --version

方法2：

关闭ntpd服务

service ntpd stop

方法3：

关闭ntpd对应端口

iptables -I INPUT --dport  123 -j DROP

3 问题

make[4]: Entering directory `/home/zyb/tools/ntp-4.2.8p10/sntp'
  CCLD     sntp
/usr/bin/ld: cannot find -lcap
collect2: ld returned 1 exit status
make[4]: *** [sntp] Error 1
make[4]: Leaving directory `/home/zyb/tools/ntp-4.2.8p10/sntp'
make[3]: *** [install-recursive] Error 1
make[3]: Leaving directory `/home/zyb/tools/ntp-4.2.8p10/sntp'
make[2]: *** [install] Error 2
make[2]: Leaving directory `/home/zyb/tools/ntp-4.2.8p10/sntp'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/home/zyb/tools/ntp-4.2.8p10'
make: *** [install] Error 2

解决方法：
最简单方法：

yum groupinstall "Compatibility libraries" "Base" "Development tools"