[44016] in SIPB IPv6
Fwd: [help.mit.edu #2970179] Exploitable NTP server used for an attack:
daemon@ATHENA.MIT.EDU (Bill Sommerfeld)
Thu Sep 11 12:04:11 2014
Date: Thu, 11 Sep 2014 09:04:01 -0700
From: Bill Sommerfeld <sommerfeld@hamachi.org>
To: sipb-machine-room@mit.edu
CC: sipbv6@mit.edu
In-Reply-To: <rt-4.0.13-18861-1410444619-851.2970179-15315-0@help.mit.edu>
I'm not sure why I'm still listed as contact for limekiller. Can
someone take care of this? Thanks.
-------- Forwarded Message --------
Subject: [help.mit.edu #2970179] Exploitable NTP server used for an
attack: 18.187.1.231
Date: Thu, 11 Sep 2014 10:10:19 -0400
From: Andrew Munchbach via RT <security@mit.edu>
Reply-To: security@mit.edu
To: wesommer@mit.edu
William,
Could you please configure 18.187.1.231 to only respond to NTP requests
from MIT's internal networks or disable NTP it is non disruptive?
We've received a complaint that this host was participating in a DDoS
using UDP 123.
Regards,
Andrew
Nmap scan report for LIMEKILLER-W20-ETHER.MIT.EDU (18.187.1.231)
Host is up (0.00034s latency).
PORT STATE SERVICE
123/udp open ntp
