[44017] in SIPB IPv6
Re: Fwd: [help.mit.edu #2970179] Exploitable NTP server used for
daemon@ATHENA.MIT.EDU (=?UTF-8?B?IkFsZWphbmRybyBSLiBTZWRl)
Thu Sep 11 12:12:27 2014
Date: Thu, 11 Sep 2014 12:12:18 -0400
From: =?UTF-8?B?IkFsZWphbmRybyBSLiBTZWRlw7FvIg==?= <asedeno@mit.edu>
To: Bill Sommerfeld <sommerfeld@hamachi.org>, sipb-machine-room@mit.edu
CC: sipbv6@mit.edu
In-Reply-To: <5411C7F1.1090209@hamachi.org>
I've restricted it to only talk to localhost for now.
-Alejandro
On 09/11/2014 12:04 PM, Bill Sommerfeld wrote:
> I'm not sure why I'm still listed as contact for limekiller. Can someone
> take care of this? Thanks.
>
>
>
> -------- Forwarded Message --------
> Subject: [help.mit.edu #2970179] Exploitable NTP server used for an
> attack: 18.187.1.231
> Date: Thu, 11 Sep 2014 10:10:19 -0400
> From: Andrew Munchbach via RT <security@mit.edu>
> Reply-To: security@mit.edu
> To: wesommer@mit.edu
>
> William,
>
> Could you please configure 18.187.1.231 to only respond to NTP requests
> from MIT's internal networks or disable NTP it is non disruptive?
>
> We've received a complaint that this host was participating in a DDoS
> using UDP 123.
>
> Regards,
> Andrew
>
> Nmap scan report for LIMEKILLER-W20-ETHER.MIT.EDU (18.187.1.231)
> Host is up (0.00034s latency).
> PORT STATE SERVICE
> 123/udp open ntp
>
>
>
