CentOS Install Script leaves ntp vulnerable to US-CERT TA14-013A rebroadcast attack

FreePBX installations are being used to DDoS Spamhaus and other legitimate services. This caused an 8Mbit spike in outgoing traffic on my VPS for an extended period of time until it was fixed.

As all versions of ntpd prior to 4.2.7 are vulnerable by default, the simplest recommended course of action is to upgrade all versions of ntpd that are publicly accessible to at least 4.2.7. However, in cases where it is not possible to upgrade the version of the service, it is possible to disable the monitor functionality in earlier versions of the software.
To disable “monlist” functionality on a public-facing NTP server that cannot be updated to 4.2.7, add the “noquery” directive to the “restrict default” line in the system’s ntp.conf, as shown below:
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery



Sorry, I should have checked the issue queue. This is indeed fixed on the latest PBX I installed. Hopefully this serves as a reference for people searching for Outbound Traffic issues.
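
A check for the two restrict lines quoted in the report above, as an added example that is not part of the original thread or of the FreePBX install script. The function name `audit_ntp_conf` is hypothetical, and it assumes the convention used in those lines: plain `restrict default` covers IPv4 and `restrict -6 default` covers IPv6.

```shell
#!/bin/sh
# audit_ntp_conf [FILE]: audit an ntp.conf (or stdin) for the "noquery" mitigation.
# Prints one finding per line; returns 0 only if both the IPv4 and the IPv6
# default restrict entries exist and carry noquery.
audit_ntp_conf() {
    awk '
        { sub(/#.*/, "") }                 # drop comments; a commented-out fix does not count
        $1 != "restrict" { next }
        {
            fam = "4"; i = 2               # assumption: no family flag means IPv4
            if ($i == "-6") { fam = "6"; i++ }
            else if ($i == "-4") { i++ }
            if ($i != "default") next      # host- or subnet-specific entries are not audited
            seen[fam] = 1
            ok = 0
            for (j = i + 1; j <= NF; j++) if ($j == "noquery") ok = 1
            if (!ok) {
                printf "line %d: IPv%s default restrict lacks noquery\n", NR, fam
                bad = 1
            }
        }
        END {
            # With no default entry at all, nothing in this file restricts queries.
            if (!seen["4"]) { print "no IPv4 \"restrict default\" line"; bad = 1 }
            if (!seen["6"]) { print "no IPv6 \"restrict -6 default\" line"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "${1:--}"
}

# Constructed sample: the IPv4 line is hardened, the IPv6 line is not.
audit_ntp_conf <<'EOF' || echo "ntp.conf needs attention"
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer
restrict 127.0.0.1
EOF
```

Run it as `audit_ntp_conf /etc/ntp.conf` on each host and restart ntpd after correcting any line it reports.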