Hi, I am occasionally getting outgoing firewall alerts from NTP attempting to send packets back to random destinations. Although I have the latest NTP and thus am not susceptible to NTP amplification DDoS attempts, I would prefer not to be bugged by people scanning for vulnerable servers. I assume that UDP packets are getting through the router due to 'full cone NAT' as explained at https://isc.sans.edu/forums/diary/Part+2+Is+your+home+network+unwittingly+contributing+to+NTP+DDOS+attacks/18549/ and the fact that NTP is always using port 123 as the source port when it polls the remote time server every minute; thus leaving port 123 open on the router all the time, since it never times out. There are obviously ways to block the unwanted UDP packets after they have reached the local network, but I'd rather they got blocked at the router. To this end, can NTP be made to use a random source port (in client/server mode)? Ancillary question: can ntpd/ntpq/ntpdc be queried to confirm the configuration file *actually* used when ntpd was invoked? Thanks, Geoff Down
-- http://www.fastmail.com - mmm... Fastmail... _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
