D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] shodan.io scanning ipv6 npt clients

 

Thanks for sharing that Dave.

It does look like the NTP Pool is now aware of this and at least "some" of the bad 
volunteers has been removed: http://seclists.org/oss-sec/2016/q1/239

However, it does go to show how the scanners think - NTP - DNS - some other 
protocol...

My recommendation is to at least narrow use to a "local" pool (refer to: 
http://www.pool.ntp.org/zone/uk), rather than something OS specific such as 
debian.ntp.org - and if the scanning only occurs "once" per IP address, then maybe 
setup a local (secured) NTP peer (say, on a firewall) and use that for any internal 
machines to sync against.

Cheers,

Steve

-----Original Message-----
From: list [mailto:list-bounces@xxxxxxxxxxxxx] On Behalf Of Dave Morgan
Sent: 27 January 2016 18:12
To: list@xxxxxxxxxxxxx
Subject: [LUG] shodan.io scanning ipv6 npt clients

If you use ipv6, make sure it is firewalled (link reposted from ntp pool mail list)

http://netpatterns.blogspot.de/2016/01/the-rising-sophistication-of-network.html

best regards
DAve

--
The Mailing List for the Devon & Cornwall LUG 
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq