Re: Port 123 and ipv6

To: debian-user@lists.debian.org
Subject: Re: Port 123 and ipv6
From: Sven Hartge <sven@svenhartge.de>
Date: Tue, 28 Jan 2014 14:32:02 +0100
Message-id: <[🔎] 8adb01eetkv8@mids.svenhartge.de>
References: <[🔎] 52E74375.7000201@gmail.com> <[🔎] 20140128125752.GL12013@newton.itcfollmann.com>

Henning Follmann <hfollmann@itcfollmann.com> wrote:
> On Tue, Jan 28, 2014 at 01:43:17PM +0800, lina wrote:

>> I read something online, and wonder:
>> 1] shall I close the port 123
>> 2] disable ipv6
>> 
>> Shall I follow the advice from https://wiki.debian.org/DebianIPv6 to
>> turn off the ipv6 in wheezy as in squeeze,

> STOP NTP!
> ntpd is currently abused as a DDOS attack vector.
> If your ntpd responds to ntpdc -n -c monlst <IP of ntpd>
> you have to disable the monitor function (at least).

If you have not "butchered" the default ntp.conf from the debian
package, there is no need to be hasty, as the Debian default is safe and
cannot be used for the mentioned DDoS attack.

Just check if the following lines are present and active in your
ntp.conf:

restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Reply to:

Follow-Ups:
- Re: Port 123 and ipv6
  - From: lina <lina.lastname@gmail.com>

References:
- Port 123 and ipv6
  - From: lina <lina.lastname@gmail.com>
- Re: Port 123 and ipv6
  - From: Henning Follmann <hfollmann@itcfollmann.com>

Prev by Date: Re: how to remove ? directory
Next by Date: Re: how to remove ? directory
Previous by thread: Re: Port 123 and ipv6
Next by thread: Re: Port 123 and ipv6
Index(es):
- Date
- Thread