by biot 4515 days ago
The fine article states:

  You can check whether there are open NTP servers that
  support the MONLIST command running on your network by
  visiting the Open NTP Project[0]. Even if you don't think
  you're running an NTP server, you should check your
  network because you may be running one inadvertently.
[0] links to http://openntpproject.org/
1 comments

As I happen to have openntpd installed on a box I attempted to test this from (in Debian that package conflicts with ntp -- which includes the ntpdc client) -- I also found this:

https://github.com/sensepost/ntp_monlist

It at least correctly identifies ntp0.ovh.net as responding -- and seems to match up with what openntpproject.org thinks...

[edit: apparently this (partly) also illustrates why more people should heed the advice to "run only what you need, listen only where you must" -- or in other words, make sure that:

    netstat -lnutp # listening, numerical, udp, tcp, program

gives essentially no output, at the very least not a lot of 0.0.0.0:x (listening on all interfaces). I'm always a little sad when people don't check that, and just throw up some complicated iptables-rules -- before checking if they're actually running some daemons that should be removed, or pointed at less public interfaces.]
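
The check described in the comment above, as an added example that is not part of the original thread: a shell filter that reads `netstat -lnutp` output and keeps only the sockets bound to every interface, plus a test for an NTP daemon among them. The sample output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -lnutp` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      812/master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      640/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      640/sshd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           701/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           701/ntpd
udp6       0      0 :::123                  :::*                                701/ntpd
EOF
}

# Reads netstat -lnutp output on stdin and prints "proto port program" for
# each socket whose local address is the wildcard (0.0.0.0 or ::).
wildcard_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        n = match($4, /:[0-9]+$/)      # split at the last colon (IPv6-safe)
        if (!n) next
        addr = substr($4, 1, n - 1)
        port = substr($4, n + 1)
        if (addr != "0.0.0.0" && addr != "::") next
        # UDP rows have an empty State column, so the program is field 6 there
        # and field 7 on TCP rows.
        prog = ($1 ~ /^udp/) ? $6 : $7
        sub(/^[0-9]+\//, "", prog)     # drop the PID, keep the program name
        if (prog == "") prog = "-"     # no program shown (netstat run without root)
        print $1, port, prog
    }'
}

# Exit status 0 when something listens on UDP port 123 on all interfaces.
ntp_on_all_interfaces() {
    wildcard_listeners | grep -Eq '^udp6? 123 '
}

# Demo on the constructed sample; on a live host: netstat -lnutp | wildcard_listeners
sample_netstat | wildcard_listeners
```
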