[Admins] Blocked ports UDP/123, UDP/623

Jogi Hofmüller jogi at mur.at
Tue Nov 24 13:45:02 CET 2015


Hi,

On 2015-11-24 at 12:44, IOhannes m zmölnig - mur.at wrote:

> blocking outgoing NTP?
> so each and every debian based machine now needs to be updated to not
> use the Debian defaults [0123].debian.pool.ntp.org anymore??

Yes.  Or ask to be "whitelisted" which also is an option.

> I oppose! (until someone can properly explain why this step is
> absolutely necessary; on a sidenote: how many NTP servers have been
> attacked from within the mur.at network in the last 5 years?).

So far none.  It's also not about being attacked rather than being part
of an attack.  NTP is used for amplification attacks and a vulnerable
server will be part of the attack.

I mentioned emails from CERT that we got in my previous message.  These
were about machines running ntp servers that ARE vulnerable to
amplification attacks.  Since fixing these is (for reasons beyond my
understanding) not an option we decided to disable the port network wide.

Cheers,
-- 
J.Hofmüller

Facts do not disappear just because one ignores them.
  - after Aldous Huxley
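
Added example, not part of the original message or of mur.at's tooling: one way to find which local hosts are "part of an attack" in the sense described above is to compare bytes received and bytes sent on UDP/123 per host, since a reflector answers small requests with much larger replies. The flow-record layout, the addresses and both thresholds are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed flow records (documentation addresses, not real traffic):
# (local_ip, local_port, remote_ip, remote_port, bytes_in, bytes_out)
SAMPLE_FLOWS = [
    ("192.0.2.10", 123, "198.51.100.7", 123, 7600, 7600),    # ntpd syncing with a pool server
    ("192.0.2.10", 123, "198.51.100.9", 123, 3800, 3800),
    ("192.0.2.20", 123, "203.0.113.5", 40211, 900, 440000),  # small requests, huge replies
    ("192.0.2.20", 123, "203.0.113.5", 51880, 450, 220000),
    ("192.0.2.30", 44512, "198.51.100.7", 123, 76, 76),      # client with ephemeral source port
]

NTP_PORT = 123
MIN_RATIO = 5.0         # assumed threshold: replies at least 5x the request volume
MIN_BYTES_OUT = 10_000  # assumed floor so tiny samples are not flagged


def ntp_reflector_candidates(flows, min_ratio=MIN_RATIO, min_bytes_out=MIN_BYTES_OUT):
    """Return {local_ip: ratio} for hosts sending far more than they receive on UDP/123."""
    totals = defaultdict(lambda: [0, 0])  # local_ip -> [bytes_in, bytes_out]
    for local_ip, local_port, _rip, _rport, b_in, b_out in flows:
        if local_port != NTP_PORT:
            continue  # only traffic answered from the local NTP port
        totals[local_ip][0] += b_in
        totals[local_ip][1] += b_out

    flagged = {}
    for ip, (b_in, b_out) in totals.items():
        if b_out < min_bytes_out:
            continue
        # A healthy NTP exchange is symmetric (ratio close to 1).
        ratio = b_out / max(b_in, 1)
        if ratio >= min_ratio:
            flagged[ip] = round(ratio, 1)
    return flagged


if __name__ == "__main__":
    for ip, ratio in ntp_reflector_candidates(SAMPLE_FLOWS).items():
        print(f"{ip}: sends {ratio}x the bytes it receives on UDP/123")
```

Hosts with a ratio near 1 are ordinary time servers or clients and are the natural candidates for the "whitelist" mentioned above.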
