Hello Koos
On 09.08.2012 17:04, Koos van den Hout wrote:
> Quoting Sean Reifschneider who wrote on Tue 2012-08-07 at 15:45:
>> It definitely was listed back before 2005... We were in the pool for
>> several years, but over the period of a week or two we had two rather irate
>> people call our emergency support line, demanding that we fix the system
>> that was attacking their network. On port 123/udp. In response to packets
>> from their network. :-( So I removed us from the pool.
>
> I had two of those (via e-mail) kindly sending in the 'evidence' in the
> form of logfiles from their "firewall". Explaining the service and that
> it only responded to requests did not help because that was not what the
> "firewall" was saying, so I decided to add a firewall drop rule for the
> source IPs 83.162.1.106, 86.83.253.130 and 12.34.195.206.
>
> According to pflog, they still try from time to time so either they
> fixed their "firewall" or they are slowly going through the pool, one
> complaint at a time.
I have not had any such request / complaint yet. For my ntp
servers I am using dedicated IP addresses with proper PTR records
in DNS. As there are web servers running on these systems anyway,
I set it up so that web requests to *.pool.ntp.org are redirected
to www.pool.ntp.org (as mentioned in the documentation) and
requests to the hostnames (e.g. ntp1.home4u.ch) or IP address are
redirected to the informational web page at [1]. There I also have
the following paragraph, which I think should help prevent such
requests / complaints:
"If you see suspicious NTP (UDP port 123) connections from any of
your systems to one of the home4u.ch NTP servers, then your
system is probably using *.pool.ntp.org for timekeeping. If you
have any issue with the home4u.ch NTP servers, please contact me
with as many details as possible, so I can try to resolve it."
[1] http://www.home4u.ch/ntp.html
bye
Fabian