[OpenIndiana-discuss] NTP trouble and 123 port
Brogyányi József
brogyi at gmail.com
Sat Apr 26 07:52:23 UTC 2014
Ok, but my ISP check my 123 port and he see the 123 port is open. He
insist to close the 123 port.
I think I need a cron script what randomly switch the NTP service on and
when the system clock is synchrony then switch it off.
May be that's enough once a day. So the 123 port is open only a short time.
I understand my server doesn't answer for a bad guys request but the
port is open.
2014.04.26. 2:27 keltezéssel, Gary Mills írta:
> On Fri, Apr 25, 2014 at 10:53:36PM +0200, Brogyányi József wrote:
>> **
>> **I modified the ntp.conf but something is missing.*
>>
> [...]
>> *If enable the ntp then the server is runing on 123 port.*
> That's okay. `ntpd' must run continuously so that it can modify
> your system clock, and so that it can periodically poll the four
> time servers you have listed in the config file.
>
> The restrictions for the default network in the config file mean that
> it won't respond to commands arriving on most network interfaces.
> That's what prevents the NTP amplification attack. Indeed it's a
> server, but it's invisible as far as the outside world can tell.
>
> It will respond to 127.0.0.1 and ::1 . That's why `ntpq -p' works.
>
More information about the OpenIndiana-discuss
mailing list