LinuxQuestions.org
04-09-2015, 04:52 AM   #1
postcd
Member
 
ntpd attack, why?


Hello, I got this message (pastebin.com/T3zQa4iU) that one of the VPSes participated in an NTP attack. I'm providing a VPS to one person,

this is running on it:
"/usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 102:103"

from /etc/passwd:
ntp:x:102:103::/home/ntp:/bin/false

from /etc/ntp.conf
restrict default kod notrap nomodify nopeer

I followed the advice provided by that attack report. What else do you see from the outputs above, please? Do you think that person is doing this intentionally?
 
04-09-2015, 05:12 PM   #2
unSpawn
Moderator
 
Quote:
Originally Posted by postcd
Hello, I got this message (pastebin.com/T3zQa4iU) that one of the VPSes participated in an NTP attack.
I'm sorry to say but that tells me that you have not been paying attention as NTP attacks have been going on for quite a while now. Please put in an effort to secure machines you're responsible for.


Quote:
Originally Posted by postcd
What else do you see from the outputs above, please?
One should not expose NTP (or DNS or proxy or whatever other service) to the world without good reasons. (And with respect to NTP there are none, else you would know.)


Quote:
Originally Posted by postcd
Do you think that person is doing this intentionally?
Could be, but there's no evidence for that, plus it's a reflection attack.
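
Added example, not part of the thread or of either poster's text: a small Python check that reads ntp.conf text and reports whether each `restrict default` rule carries `noquery` (or `ignore`), the flag that makes ntpd refuse ntpq/ntpdc (mode 6 and 7) queries, and whether `disable monitor` is present. The function name and the hardened sample are constructed for illustration; the first sample is the restrict line quoted in post #1.

```python
# Flags on a "restrict default" rule that stop ntpd answering ntpq/ntpdc
# (mode 6/7) queries; "ignore" drops every packet from the matched source.
QUERY_BLOCKING = {"noquery", "ignore"}

# The restrict line quoted in post #1 of the thread.
POSTED_CONF = "restrict default kod notrap nomodify nopeer\n"

# Constructed hardened variant (an assumption for illustration, not from the thread).
HARDENED_CONF = """\
# constructed example
restrict default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
disable monitor
"""


def audit_ntp_conf(text):
    """Return a list of findings for ntp.conf text; an empty list means none."""
    findings = []
    default_rules = []          # (line number, set of flags) per default rule
    monitor_disabled = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if not tokens:
            continue
        keyword = tokens[0].lower()
        if keyword == "disable" and "monitor" in tokens[1:]:
            monitor_disabled = True
        elif keyword == "restrict":
            # -4 / -6 only select the address family; skip them
            args = [t for t in tokens[1:] if t not in ("-4", "-6")]
            if args and args[0] == "default":
                default_rules.append((lineno, set(args[1:])))
    if not default_rules:
        findings.append("no 'restrict default' line: no default restrictions apply")
    for lineno, flags in default_rules:
        if not flags & QUERY_BLOCKING:
            findings.append(f"line {lineno}: restrict default lacks noquery")
    if not monitor_disabled:
        # defense in depth: reported separately from the noquery finding
        findings.append("'disable monitor' absent: monitoring facility left enabled")
    return findings


if __name__ == "__main__":
    for name, conf in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ntp_conf(conf) or "no findings")
```

The check only recognizes the literal `default` keyword; a default rule written as an address and mask is not matched.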
 
  

