DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2860n - need to block NTP 123 from outside

26 Jul 2017 08:48 #1 by peterg22
Hi All:

Vigor 2860n Firmware version 3.8.4.3_BT FTTC Zen

The other day my ISP informed me that my IP address had been used in an NTP amplification attack and "would I please fix it?".

I run a Raspberry Pi as a Stratum 1 time server http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html and the intention was that this would only be used by my small internal network. However, this turned out not to be the case and was due to my misconfiguration.

I believe I've now closed off port 123 to external users using firewall rules, but when I run the nmap monlist script I get the port as open but filtered. My NTP software is apparently not vulnerable (Ver. 4.2.8p10)

nmap -sU -pU:123 -Pn -n --script=ntp-monlist xx.xx.xx.xx
Code:
    Starting Nmap 6.47 ( http://nmap.org ) at 2017-07-26 08:35 BST
    Nmap scan report for xx.xx.xx.xx
    Host is up.
    PORT    STATE         SERVICE
    123/udp open|filtered ntp
    Nmap done: 1 IP address (1 host up) scanned in 7.07 seconds

If I then run the recommended test using ntpdc I get a different answer:

ntpdc -c monlist xx.xx.xx.xx
Code:
    xx.xx.xx.xx: timed out, nothing received
    ***Request timed out

And finally, as if to add another level of confusion, my entry on shodan.io shows port 123 as open!

Can I please get some advice?

TIA

29 Jul 2017 23:18 #2 by lorian
In your inbound rule rather than blocking packets, drop them.

30 Jul 2017 10:12 #3 by peterg22
Lorian wrote: In your inbound rule rather than blocking packets, drop them.

Thanks - however, on the 2860n I only have "pass" and "block" as options. Or, did you mean on iptables/UFW on the actual server itself?

30 Jul 2017 18:41 #4 by lorian
Ah, stop forwarding port 123 to your internal network altogether. You will have defined it in port redirection I guess.

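Alongside removing the port redirection on the router, the Pi's own ntpd can be told to serve time only to the LAN and to answer no mode 6/7 (monlist) queries. The following ntp.conf restrict set is an added example, not from the thread or the DrayTek/satsignal guides; the LAN range 192.168.1.0/24 and the SHM refclock line are assumptions.

```conf
# Added example, not from the thread. Assumed LAN: 192.168.1.0/24.
# Refclock line assumed: SHM driver (127.127.28.0) fed by gpsd, as in
# the Raspberry Pi Stratum 1 setup the poster links to.

# Weak form (what an open responder typically runs): no "noquery", so
# anyone who can reach UDP/123 may send mode 6/7 control queries,
# including the monlist request used for amplification.
# restrict default nomodify notrap

# Hardened form: default policy serves time only, answers no queries.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Local host keeps full access for ntpq/ntpdc status checks.
restrict 127.0.0.1
restrict -6 ::1

# LAN clients get time plus read-only status (no "noquery"), but may
# not modify the server or use it as a peer.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer

# Disable the MRU (most recently used) list that monlist reads, so the
# request has nothing to return even if a query slips through.
disable monitor

# Assumed Stratum 1 reference clock via gpsd shared memory.
server 127.127.28.0 minpoll 4 maxpoll 4 prefer
fudge 127.127.28.0 refid GPS
```

After restarting ntpd, `ntpq -p` from a LAN host should still list the refclock while `ntpdc -c monlist` gets no answer from any address; nmap's `open|filtered` on a UDP port only means no reply was received, so the ntpdc timeout, not the nmap state, is the meaningful confirmation.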