Standard User deleted
(deleted) Sat 15-Feb-14 12:15:12
Re: NTP DDoS attacks

[re: billford]
 
Blimey - from here:

http://support.ntp.org/bin/view/Support/AccessRestri...

6.5.1.1.2. Blocking Unauthorized Access

If your ntpd is publicly accessible, do you really need to block all connections from unauthorized hosts?

If the answer is "No", skip to 6.5.1.1.3. Allow Queries?

If the answer is "Yes" use the following default restriction (and keep in mind that you will have to add restrict lines for every authorized server and client host/subnet as described in 6.5.1.2.1. If you used 'restrict default ignore'):

IPv4: restrict default ignore
IPv6: restrict -6 default ignore


What I did was firewall off port 123 (after the horse has bolted) and added this to ntp.conf:

restrict 12.34.56.0 mask 255.255.255.0 nomodify notrap

which allows my local network access (not real IP there) but nobody else.

Maybe you need something like it but with IPv6 addresses.

Nick
EDIT: I pasted wrong info

Edited by deleted (Sat 15-Feb-14 12:23:52)
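
An added example (not part of the original post and not ntpd's own code): a small Python check that reads `restrict` lines like the ones in the post above and reports whether a given client address would be answered or ignored, using the most specific matching entry. It assumes, as the quoted documentation lays out, that a bare `default` is the IPv4 entry and `-6 default` the IPv6 one; the function names and `SAMPLE_CONF` are made up for this illustration.

```python
import ipaddress

# Constructed sample: the default-deny lines quoted in the post plus its LAN
# exception (12.34.56.0/24 is the post's placeholder, not a real network).
SAMPLE_CONF = """\
restrict default ignore
restrict -6 default ignore
restrict 12.34.56.0 mask 255.255.255.0 nomodify notrap
"""

def parse_restrict(conf_text):
    """Return [(network, flags)] for each restrict line in ntp.conf text."""
    rules = []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        tok, v6 = tok[1:], False
        if tok[0] in ("-4", "-6"):
            tok, v6 = tok[1:], tok[0] == "-6"
        if not tok:
            continue
        addr, rest = tok[0], tok[1:]
        try:
            if addr == "default":
                # Assumption taken from the page: a bare default is IPv4 only.
                net = ipaddress.ip_network("::/0" if v6 else "0.0.0.0/0")
            elif len(rest) >= 2 and rest[0] == "mask":
                # Contiguous netmask -> prefix length, for either family.
                bits = bin(int(ipaddress.ip_address(rest[1]))).count("1")
                net = ipaddress.ip_network(f"{addr}/{bits}", strict=False)
                rest = rest[2:]
            else:
                net = ipaddress.ip_network(addr)  # single host entry
        except ValueError:
            continue  # hostnames are skipped, not resolved
        rules.append((net, set(rest)))
    return rules

def effective_flags(conf_text, client):
    """Flags of the most specific entry covering client; None if no entry."""
    ip = ipaddress.ip_address(client)
    hits = [(n, f) for n, f in parse_restrict(conf_text)
            if n.version == ip.version and ip in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def is_answered(conf_text, client):
    flags = effective_flags(conf_text, client)
    return flags is None or "ignore" not in flags  # ignore drops every packet
```

With the `restrict -6 default ignore` line removed from the sample, `is_answered` returns True for any IPv6 client, which is the gap the post's last remark points at.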

Standard User billford
(elder) Sat 15-Feb-14 12:22:01
Re: NTP DDoS attacks

[re: deleted]
 
Hmm, I need to do some reading, that's obvious!

Then I need to try to understand what I'm reading, that's likely to be the tricky bit.

Thanks for that.

Bill
A level playing field is level in both directions.

Standard User deleted
(deleted) Sat 15-Feb-14 12:25:32
Re: NTP DDoS attacks

[re: billford]
 
Sorry, just edited above post - have another read.

Nick


Standard User deleted
(deleted) Sat 15-Feb-14 12:28:47
Re: NTP DDoS attacks - IPV6 users

[re: deleted]
 
IPv6 port scanner.

http://ipv6.chappell-family.com/ipv6tcptest/

Nick
Standard User billford
(elder) Sat 15-Feb-14 12:31:27
Re: NTP DDoS attacks

[re: deleted]
 
I think what I said before still applies - I don't know a lot about IPv4 and even less about IPv6.

Bill
A level playing field is level in both directions.

Standard User camieabz
(sensei) Sat 15-Feb-14 16:06:34
Re: NTP DDoS attacks

[re: billford]
 
lethe / caffn8me - Cheers for that. Just wondering if routers out there are default 'on' state, and whether that's necessary for normal operation.

Bill - Unless you think you're getting DDoS attacks, I wouldn't worry.
Standard User deleted
(deleted) Sat 15-Feb-14 16:06:57
Re: NTP DDoS attacks - BTW

[re: deleted]
 
If you want to see what it looks like... gulp:

http://linicks.net/ntpddos.png

Nick
Standard User deleted
(deleted) Sat 15-Feb-14 16:13:09
Re: NTP DDoS attacks

[re: camieabz]
 
In reply to a post by camieabz:
Bill - Unless you think you're getting DDoS attacks, I wouldn't worry.


No, no, noooooo. This is what happened to me, and reading up, the bot[s] mark open NTP servers and collate for a while. Then *BANG* your server gets hit into the DDoS.

Now, at this stage, you shut it down/firewall/whatever... but the rest of the bot network STILL keep hitting you non-stop 100s of hits a minute with 1000s of IPs.

It is unrelenting - and even at this stage, I was still using up about 3MB an hour on this. The modem light doesn't stop flashing for a second.

Hence why I had to get an IP change (ISP will park my old IP for a few weeks, hoping it will fade away).

Nick

Edited by deleted (Sat 15-Feb-14 16:14:16)

Standard User billford
(elder) Sat 15-Feb-14 16:19:34
Re: NTP DDoS attacks

[re: camieabz]
 
In reply to a post by camieabz:
Bill - Unless you think you're getting DDoS attacks, I wouldn't worry.

That's more or less the conclusion I've come to - I've had a google around and looked at the files that OS X appears to use (it's got a separate .conf file for restrictions) and decided that meddling is a higher-risk approach than hoping I don't get attacked.

The iMac runs with a dynamic IPv6 address anyway (though the router is fixed), and with a /48 allocation a reboot should slow them down a bit while they try to find where I've gone.

Bill
A level playing field is level in both directions.

Standard User deleted
(deleted) Sat 15-Feb-14 16:24:42
Re: NTP DDoS attacks

[re: billford]
 
Bill, don't get complacent:

http://blog.cloudflare.com/understanding-and-mitigat...

Nick