Re: [ntp:questions] Meinberg Configuration Help

2014-03-03 Thread boostinbadger
OK...so I owe a little more explanation into my issue here.  I was able to get 
my NTP server patched up and everything seemed to be working fine.  I am 
working from home today due to the weather so I logged into my pfsense firewall 
to see how everything was working.  I noticed I had a large amount of traffic 
outbound but hardly any inbound.  I stopped my NTP server and it didn't seem to 
make a difference.  I started unplugging uplinks, etc to see if I could narrow 
down the issue.  I started a packet capture from the firewall and I could see a 
lot of traffic outbound from my WAN interface on 123.  I then started a 
capture on my LAN but did not see any traffic using 123.  I could not figure 
out how this was possible.  I started snooping around the firewall and found 
that I guess I inadvertently configured my firewall as an NTP server too.  It 
must be plagued by the same issue as my NTP server was.  I guess that explains 
why I kept receiving the message that my server was capable of receiving 
management queries even after I changed the config on my server.  Now 
that the NTP server on the firewall is disabled and my server is patched up 
traffic has returned to normal and my server passes the management query check.

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions


Re: [ntp:questions] Meinberg Configuration Help

2014-03-02 Thread David Taylor

On 01/03/2014 22:43, boostinbad...@gmail.com wrote:

> My NTP server is part of the pool project and appears to be running fine.
> Comcast contacted me about a month ago to let me know that my NTP server was
> infected with a bot.  I checked and everything seems to be ok.  I re-enabled my
> server about a week ago and I received another phone call last week concerning
> security on my network.
>
> I contacted Ask and he said that it was not a bot but an issue with my server
> allowing management requests.  I asked Ask how to properly configure my
> Meinberg client to not allow management requests because I understand that they
> can be problematic.  I know the config for ntpd but I am not sure of the proper
> syntax for Meinberg.  Can someone provide me with that info?


I understand that the current development version no longer has the 
problem, so you might like to update as described here:


  http://www.satsignal.eu/ntp/setup.html#updating

If the problem still remains, you will want to apply the access 
restrictions to the NTP configuration.  The syntax will be identical to 
that for the Linux/FreeBSD versions to which others have pointed you.

--
Cheers,
David
Web: http://www.satsignal.eu



Re: [ntp:questions] Meinberg Configuration Help

2014-03-02 Thread boostinbadger
Thanks everyone for your suggestions and help!

David, I just downloaded 4.2.7p421 from your site and implemented it on my 
server.  Time will tell if it is now working like it should.

Thanks again!
Mitch



Re: [ntp:questions] Meinberg Configuration Help

2014-03-02 Thread William Unruh
On 2014-03-02, Brian Inglis brian.ing...@systematicsw.ab.ca wrote:
> On 2014-03-01 15:43, boostinbad...@gmail.com wrote:
>> My NTP server is part of the pool project and appears to be running fine.
>> Comcast contacted me about a month ago to let me know that my NTP server was
>> infected with a bot.  I checked and everything seems to be ok.  I re-enabled
>> my server about a week ago and I received another phone call last week
>> concerning security on my network.
>> I contacted Ask and he said that it was not a bot but an issue with my
>> server allowing management requests.  I asked Ask how to properly configure
>> my Meinberg client to not allow management requests because I understand
>> that they can be problematic.  I know the config for ntpd but I am not sure
>> of the proper syntax for Meinberg.  Can someone provide me with that info?
>
> Banner on http://support.ntp.org links to
> http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using
> and recommends restrict default noquery [and possibly other no... options]
> or you could use restrict default ignore; also add disable monitor.

And why those are not the default I will never know. They should never
have been on by default -- the problem was obvious 15 years ago, if
nothing else in giving an attacker knowledge about your system.
Things which go out to the broad internet should be off by default, and be
switched on by the user who needs them.
Just as ntpd does not have a list of servers it uses by default, but I
guess people running ntp servers got burned by that one 20 years ago.





Re: [ntp:questions] Meinberg Configuration Help

2014-03-02 Thread Magnus Danielson

On 02/03/14 19:31, William Unruh wrote:

> On 2014-03-02, Brian Inglis brian.ing...@systematicsw.ab.ca wrote:
>> On 2014-03-01 15:43, boostinbad...@gmail.com wrote:
>>> My NTP server is part of the pool project and appears to be running fine.
>>> Comcast contacted me about a month ago to let me know that my NTP server was
>>> infected with a bot.  I checked and everything seems to be ok.  I re-enabled my
>>> server about a week ago and I received another phone call last week concerning
>>> security on my network.
>>> I contacted Ask and he said that it was not a bot but an issue with my server
>>> allowing management requests.  I asked Ask how to properly configure my
>>> Meinberg client to not allow management requests because I understand that they
>>> can be problematic.  I know the config for ntpd but I am not sure of the proper
>>> syntax for Meinberg.  Can someone provide me with that info?
>>
>> Banner on http://support.ntp.org links to
>> http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using
>> and recommends restrict default noquery [and possibly other no... options]
>> or you could use restrict default ignore; also add disable monitor.
>
> And why those are not the default I will never know. They should never
> have been on by default -- the problem was obvious 15 years ago, if
> nothing else in giving an attacker knowledge about your system.
> Things which go out to the broad internet should be off by default, and be
> switched on by the user who needs them.
> Just as ntpd does not have a list of servers it uses by default, but I
> guess people running ntp servers got burned by that one 20 years ago.


There is a complete new generation of sys-admins since then.
Well known among those so skilled in the art does not mean active 
knowledge amongst users. This might be a lesson to remember.


Cheers,
Magnus



Re: [ntp:questions] Meinberg Configuration Help

2014-03-01 Thread Brian Inglis

On 2014-03-01 15:43, boostinbad...@gmail.com wrote:

> My NTP server is part of the pool project and appears to be running fine.
> Comcast contacted me about a month ago to let me know that my NTP server was
> infected with a bot.  I checked and everything seems to be ok.  I re-enabled my
> server about a week ago and I received another phone call last week concerning
> security on my network.
> I contacted Ask and he said that it was not a bot but an issue with my server
> allowing management requests.  I asked Ask how to properly configure my
> Meinberg client to not allow management requests because I understand that they
> can be problematic.  I know the config for ntpd but I am not sure of the proper
> syntax for Meinberg.  Can someone provide me with that info?


Banner on http://support.ntp.org links to
http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using
and recommends restrict default noquery [and possibly other no... options]
or you could use restrict default ignore; also add disable monitor.

--
Take care. Thanks, Brian Inglis