NTP 482 NTP Version 2, private message
Hello,
I also have CSF, but the attack cannot be stopped. This attack sometimes comes from hundreds of IPs. After that, our server cannot be accessed. This attack is only on our mail IP. I closed all ports, including NTP, but it didn't help. NTP also listens only on local IPs.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
My /etc/ntp.conf also includes these lines.
Any idea how to stop this attack? At this time our target IP is closed at the router.
Regards,
Bulent
139.880043136 43.239.141.121 -> xxx.xxx.xxx.xxx NTP 482 NTP Version 2, private
139.882366931 43.239.141.121 -> xxx.xxx.xxx.xxx NTP 482 NTP Version 2, private
139.884717429 43.239.141.121 -> xxx.xxx.xxx.xxx NTP 482 NTP Version 2, private
139.887074679 43.239.141.121 -> xxx.xxx.xxx.xxx NTP 482 NTP Version 2, private
139.889429325 43.239.141.121 -> xxx.xxx.xxx.xxx NTP 482 NTP Version 2, private
139.891781180 43.239.141.121 -> xxx.xxx.xxx.xxx NTP 482 NTP Version 2, private
139.894119032 43.239.141.121 -> xxx.xxx.xxx.xxx NTP 482 NTP Version 2, private
139.896463335 43.239.141.121 -> xxx.xxx.xxx.xxx NTP 482 NTP Version 2, private
139.898832206 43.239.141.121 -> xxx.xxx.xxx.xxx NTP 482 NTP Version 2, private
139.901198286 43.239.141.121 -> xxx.xxx.xxx.xxx NTP 482 NTP Version 2, private
Note: This screen is from tshark...
This is also from tcpdump:
19:42:23.402290 IP po2.mia1-100.mia1.serverhub.com.ntp > mail.xxxxxxxxxxx.com.19838: NTPv2, Reserved, length 440
19:42:23.404172 IP po2.mia1-100.mia1.serverhub.com.ntp > mail.xxxxxxxxxxx.com.19838: NTPv2, Reserved, length 440
19:42:23.406049 IP po2.mia1-100.mia1.serverhub.com.ntp > mail.xxxxxxxxxxx.com.19838: NTPv2, Reserved, length 440
19:42:23.407936 IP po2.mia1-100.mia1.serverhub.com.ntp > mail.xxxxxxxxxxx.com.19838: NTPv2, Reserved, length 440
19:42:23.409812 IP po2.mia1-100.mia1.serverhub.com.ntp > mail.xxxxxxxxxxx.com.19838: NTPv2, Reserved, length 440
19:42:23.411686 IP po2.mia1-100.mia1.serverhub.com.ntp > mail.xxxxxxxxxxx.com.19838: NTPv2, Reserved, length 440
19:42:23.413563 IP po2.mia1-100.mia1.serverhub.com.ntp > mail.xxxxxxxxxxx.com.19838: NTPv2, Reserved, length 440
19:42:23.415436 IP po2.mia1-100.mia1.serverhub.com.ntp > mail.xxxxxxxxxxx.com.19838: NTPv2, Reserved, length 440
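
In the tcpdump output above, the sender's port is `ntp` and the destination is a high port on the mail host, so these packets arrive from remote NTP servers rather than as queries to a local ntpd. The following is an added example, not part of the original post: it tallies such packets per sender from tcpdump text in the format shown. The sample lines, the hostnames in them, and the 400-byte size threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the tcpdump text format shown in the post
# (hosts and addresses are placeholders, not values from the capture).
SAMPLE = """\
19:42:23.402290 IP reflector-a.example.net.ntp > mail.example.com.19838: NTPv2, Reserved, length 440
19:42:23.404172 IP reflector-a.example.net.ntp > mail.example.com.19838: NTPv2, Reserved, length 440
19:42:23.406049 IP 192.0.2.10.123 > mail.example.com.19838: NTPv2, Reserved, length 440
19:42:23.900000 IP mail.example.com.40000 > 198.51.100.7.123: NTPv4, Client, length 48
19:42:24.402290 IP reflector-a.example.net.ntp > mail.example.com.19838: NTPv2, Reserved, length 440
"""

# time, src host, src port, dst host, dst port, NTP version, mode, payload length
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+)\.(\w+) > (\S+)\.(\w+): "
    r"NTPv(\d), ([^,]+), length (\d+)$"
)

def summarize(text, min_len=400):
    """Tally large packets sent *from* the NTP port, keyed by source host."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an NTP line in the expected format
        hh, mm, ss, src, sport, _dst, _dport, _ver, _mode, length = m.groups()
        # Ordinary client queries are 48 bytes and go *to* port 123; skip them.
        if sport not in ("ntp", "123") or int(length) < min_len:
            continue
        t = int(hh) * 3600 + int(mm) * 60 + float(ss)
        s = stats[src]
        s["packets"] += 1
        s["bytes"] += int(length)
        s["first"] = t if s["first"] is None else s["first"]
        s["last"] = t
    return dict(stats)

def report(text):
    """Return (source, packets, payload bytes, seconds observed), largest first."""
    rows = [(src, s["packets"], s["bytes"], round(s["last"] - s["first"], 3))
            for src, s in summarize(text).items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for src, pkts, nbytes, span in report(SAMPLE):
        print(f"{src:28} packets={pkts} bytes={nbytes} over {span}s")
```

Run it against saved `tcpdump -r` text output; the per-source totals give a sender list for firewall rules or for a filtering request to the upstream provider.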