So I am now the subject of the latest NTP DDoS attack. I have been reading the NTP.CONF(5) manpages and so far have managed a few lines in the ntp.conf file on my server such as:
restrict aaa.bbb.ccc.0 mask 255.255.252.0 nomodify notrap
restrict ddd.eee.fff.0 mask 255.255.254.0 nomodify notrap nopeer
where the top line signifies my network infrastructure and the bottom line is the hosts that go through the network.
1. Is there a way to have network infrastructure use a password and NOT the other devices?
2. Are these lines like an access list where I can add "restrict default ignore" at the bottom for everyone else to be rejected?
3. Do I need to add the ntp.pool servers to that list as well, and how if all I have is the "ntp.pool"?