[ntp:questions] Jesus Christ! -> even internet time-sync (NTP)is vulnerable to exploitation?
cool hand luke
coolhandluke at coolhandluke.org
Mon Dec 22 03:52:29 UTC 2014
On 12/21/2014 10:30 PM, Virus Guy wrote:
> Under what conditions would someone who is NOT operating an NTP server
> expect to see external IP's hit his router on port 123?
When hosts behind that router are running an NTP client. If the router
was also performing NAT, the destination IP of those packets would be
the router's.
Depending on how the packets were captured/logged, they might have even
been caught if NAT wasn't being performed (if a poorly constructed
filter was used; for example, filtering just for UDP port 123 and not by
the destination IP address).
/chl
More information about the questions
mailing list