LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Closed Thread
  Search this Thread
Old 10-23-2016, 12:49 PM   #1
robolux
Member
 
Registered: Oct 2016
Posts: 31

Rep: Reputation: Disabled
NTP and 123/UDP attack?


Hi!

Yesterday I installed Lubuntu 16.04 to my HDD and discovered some very strange traffic both incoming and outgoing from the ntp port, listed under 123/udp.

After researching the connecting IPs I found out that most of them correspond to local software businesses and IT firms.

I checked the traffic with iftop, which showed that multiple bytes, in some cases even +1KB, was sent and received to and from those IPs.

Screenshot: https://s12.postimg.org/w647skop9/screen.png


.)Do I have to be worried, that those services transmitted malware or other harmful code?

.)How can I permanently block those connections or port?

I have tried using the following, unsuccessfully.

-->with the built in firewall


Code:
    sudo ufw deny 123/udp
 

    sudo ufw deny ntp
-->with iptables

Code:
    sudo iptables -A OUTPUT -p udp --dport 123 -j DROP

 

    sudo iptables -A INPUT -p udp --sport 123 -j DROP
Thank you!

Last edited by buntuluxx; 3 Hours Ago at 02:40 PM.
 
Old 10-23-2016, 05:03 PM   #2
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,472

Rep: Reputation: 5833Reputation: 5833Reputation: 5833Reputation: 5833Reputation: 5833Reputation: 5833Reputation: 5833Reputation: 5833Reputation: 5833Reputation: 5833Reputation: 5833
Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is being closed because it is a duplicate.

Continue here:
http://www.linuxquestions.org/questi...ic-4175592039/
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration