[ntp:questions] Jesus Christ! -> even internet time-sync (NTP)is vulnerable to exploitation?

cool hand luke coolhandluke at coolhandluke.org
Mon Dec 22 03:52:29 UTC 2014


On 12/21/2014 10:30 PM, Virus Guy wrote:
> Under what conditions would someone who is NOT operating an NTP server
> expect to see external IP's hit his router on port 123?

When hosts behind that router are running an NTP client. If the router 
was also performing NAT, the destination IP of those packets would be 
the router's.

Depending on how the packets were captured/logged, they might have even 
been caught if NAT wasn't being performed (if a poorly constructed 
filter was used; for example, filtering just for UDP port 123 and not by 
the destination IP address).

/chl


More information about the questions mailing list