[ntp:questions] monitor attack

folkert folkert at vanheusden.com
Mon Mar 23 12:56:31 UTC 2015


Hi,

This morning I got an e-mail from my ISP (xs4all in the Netherlands)
that my systems can be used for a reflection attack. They had logged in
to my modem and pinpointed a clock on my LAN.

What confuses me is the following:

- the gateway system already had 
	disable monitor
	restrict -4 default kod notrap nomodify nopeer
	restrict -6 default kod notrap nomodify nopeer
  in ntp.conf

- the clock they complained about is somewhere on my LAN and should not
  directly be accessible from the outside (192.168.64.45). it did not
  have disable monitor but as I mentioned; it cannot be reached from
  the internet

Does someone have got any idea what the problem here is?

Note that testing it won't (should) not work right now as I temporarily
firewalled port 123 until I figured this out.


regards,

Folkert van Heusden

-- 
Always wondered what the latency of your webserver is? Or how much more
latency you get when you go through a proxy server/tor? The numbers
tell the tale and with HTTPing you know them!
                                     http://www.vanheusden.com/httping/
-----------------------------------------------------------------------
Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com


More information about the questions mailing list