[44130] in SIPB IPv6


Re: Fwd: [help.mit.edu #2973238] Exploitable NTP server used for

daemon@ATHENA.MIT.EDU (Bill Sommerfeld)
Tue Sep 16 17:26:32 2014

Date: Tue, 16 Sep 2014 14:26:22 -0700
From: Bill Sommerfeld <sommerfeld@hamachi.org>
To: Andrew Munchbach <amunch@mit.edu>,
        "sipb-machine-room@mit.edu" <sipb-machine-room@mit.edu>,
        "Alejandro R. Sedeño" <asedeno@mit.edu>
CC: sipbv6@mit.edu
In-Reply-To: <43BB1AEC-0432-476E-A470-2515E8488084@mit.edu>

On 09/16/14 07:30, Andrew Munchbach wrote:
> SIPB,
> 
> Could you check your servers and make sure they do not respond to NTP, SNMP, DNS, and/or CHARGEN requests that originate from outside our network?

For what little it's worth, this was first reported to me (erroneously) on
9/11/2014 as ticket 2970179.  I forwarded the report to sipbv6@mit.edu and
sipb-machine-room@mit.edu; at around noon on 9/11/14 asedeno@ responded and
said he fixed the machine.  Since the followup shows an attack happening on
9/13, it looks like whatever fixes he made were not complete.





