Dne 31. prosince 2013 14:04 Jindrich Fucik <[email protected]> napsal(a): > Jenom připomenu, že ntp je port 123 - čili je asitak druhej, kterej napadne > mladého hackera při psaní svého programu (hned po 1234 a před 12345)
O Silvestru probihal DRDos utok pomoci aplifikace pres otevrene ntp servery: Dne Út 31.pro.2013 10:14:16, [email protected] napsal(a): > A public NTP server on your network participated in a very large-scale > attack against a customer of ours today, generating UDP responses > to spoofed requests with bogus timestamps that claimed to be from > the attack target. [...] > If you have the ability to look at historical traffic data and > determine the true source of the spoofed traffic, please also do > this -- we'd love for this attacker himself to be shut down and for > his ISP to fix its network configuration in order to stop others > from spoofing. With the 10x amplification factor of NTP DRDoS > attacks, it only takes one machine on an unfiltered 1 Gbps link to > generate 10 Gbps of nearly untraceable attack traffic. Ntpd ve FreeBSD ma v defaultu zakomentovane "restrict default ignore", takze se dal v ramci tohodle utoku zneuzit (v defaultni konfiguraci, na stroji bez firewallu). http://svnweb.freebsd.org/base/release/9.2.0/etc/ntp.conf?view=markup M. -- FreeBSD mailing list ([email protected]) http://www.freebsd.cz/listserv/listinfo/users-l
