Quoting Justin who wrote on Mon 2013-11-04 at 21:54:
> I have two machines that participate in the ntp pool project, and I
> received an abuse email today. Basically, my server was DDOS someone
> else, ntp reflection attack. Obviously that is not something I want to
> do. By default my ntp server allows any that connect to port 123.
Do you answer monitoring packets from the outside? These can be used in
attacks: the answers are bigger than the questions.
> These ddos were sending the responses back to someone's port 80, which
> is causing me the headache. My first step will be to lock the ntp down
> to port 123 and ports above 1024 for people behind a nat.
Or simple clients... (ntpdate -u uses unprivileged ports for example).
Koos
--
Koos van den Hout, PGP keyid DSS/1024 0xF0D7C263 via keyservers
[email protected]
Weather maps from free sources at
http://idefix.net/ http://weather.idefix.net/
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
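An added example, not part of the original message or of any ntpd code: it compares the source-port rule from the quoted mail with a rule keyed on the NTP mode field, which is where monitoring queries differ from time requests. The function names and the sample packets are assumptions constructed for illustration.

```python
# Added example: hypothetical helper names, constructed sample packets.
CLIENT_MODE = 3            # ordinary time request
MONITORING_MODES = {6, 7}  # mode 6 = control (ntpq), mode 7 = private (ntpdc)


def ntp_mode(payload):
    """Mode is the low 3 bits of the first header byte; None if no data."""
    return payload[0] & 0x07 if payload else None


def port_rule_allows(src_port):
    """The source-port rule from the quoted mail: 123 or above 1024."""
    return src_port == 123 or src_port > 1024


def mode_rule_allows(payload, trusted=False):
    """Answer time requests from anyone, monitoring queries only if trusted."""
    mode = ntp_mode(payload)
    if mode == CLIENT_MODE:
        return len(payload) >= 48  # a complete 48-byte NTP header
    if mode in MONITORING_MODES:
        return trusted
    return False


def first_byte(version, mode, leap=0):
    """Pack leap indicator, version and mode into the first header byte."""
    return bytes([(leap << 6) | (version << 3) | mode])


# Constructed samples: (label, UDP source port, payload)
SAMPLES = [
    ("ntpd client", 123, first_byte(4, 3) + bytes(47)),
    ("ntpdate -u style client", 51514, first_byte(4, 3) + bytes(47)),
    ("mode 7 query, high port", 40000, first_byte(2, 7) + bytes(7)),
    ("mode 6 query, port 123", 123, first_byte(2, 6) + bytes(11)),
]


def compare():
    """Return (label, allowed by port rule, allowed by mode rule) per sample."""
    return [(label, port_rule_allows(port), mode_rule_allows(pkt))
            for label, port, pkt in SAMPLES]


if __name__ == "__main__":
    for label, by_port, by_mode in compare():
        print(f"{label:26} port rule: {by_port!s:5}  mode rule: {by_mode}")
```

Both monitoring queries pass the port rule, because their source ports are 123 or above 1024 like any other client's; only the mode check separates them from time requests.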
