[ntp:questions] monitor attack

folkert folkert at vanheusden.com
Mon Mar 23 12:56:31 UTC 2015


This morning I got an e-mail from my ISP (xs4all in the Netherlands)
that my systems can be used for a reflection attack. They had logged in
to my modem and pinpointed a clock on my LAN.

What confuses me is the following:

- the gateway system already had 
	disable monitor
	restrict -4 default kod notrap nomodify nopeer
	restrict -6 default kod notrap nomodify nopeer
  in ntp.conf

- the clock they complained about is somewhere on my LAN and should not
  directly be accessible from the outside ( it did not
  have disable monitor but as I mentioned; it cannot be reached from
  the internet

Does someone have got any idea what the problem here is?

Note that testing it won't (should) not work right now as I temporarily
firewalled port 123 until I figured this out.


Folkert van Heusden

Always wondered what the latency of your webserver is? Or how much more
latency you get when you go through a proxy server/tor? The numbers
tell the tale and with HTTPing you know them!
Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com

More information about the questions mailing list