Hi,
We are currently running NTP 4.0.xx for time syncronization on our servers.
Our mail server is acting as our local NTP server and is getting time from
three NTP servers.
We keep getting the following messages in our log:
Jan 28 05:59:44 psn FILTER: Connect to closed port : UDP fxp0
[128.252.135.4/123]->[128.171.128.7/12752] l=0.
Jan 28 06:03:39 psn FILTER: Connect to closed port : UDP fxp0
[128.252.135.4/123]->[128.171.128.8/14218] l=0.
128.171.128.7 is the EXT interface for our firewall, and 128.171.128.8 is
our mail server.
The Gnatbox alarm (e-mail) sends messages like the following message:
----------------------------------------------------------------------------
-
ALARM NO: 2
DATE: Thursday, Jan 27, 2000
TIME: 21:06:04
INTERFACE: EXT (fxp0)
ALARM TYPE: Doorknob twist
IP PACKET: UDP [128.252.135.4/123]-->[128.171.128.8/16088] l=0
[wuarchive.wustl.edu/123]-->[128.171.128.8/16088]
DETAILED DESCRIPTION:
Attempt to connect to unopen port.
----------------------------------------------------------------------------
-
Does anyone know what is happening? I have removed the NTP server
(wuarchive.wustl.edu) from our ntp.conf file, but we're still getting these
connection attempts (about 1 a minute). Sometimes, we get 3-4 in a 15
second span.
How do I stop this? Temporarily, I am rejecting 128.252.135.4 UDP 123 with
no logging.
Lastly, what are doorknob twists, and how do they occur?
Much thanks,
Lowell Tyler
[EMAIL PROTECTED]
