Open NTP Server warning

fishtech

Hi,

We received the following by email from our ISP:

We have determined that a device using your Internet connection is configured to run an open Network Time Protocol (NTP) server. An NTP server was observed answering public queries at Jan 31, 2014 at 1:33 PM EST at the IP address xxx.xxx.xxx.xxx. Our records indicate that this IP address was assigned to you at this time.

Open NTP servers have been used in recent distributed denial-of-service (DDoS) network attacks. An open NTP server can present additional load on your Internet connection and cause slow, unreliable service.



IP address xxx.xxx.xxx.xxx is our Operator box. Is there a way within Operator to allow NTP service for local network only?

Thanks,

ft.

Vladimir Toncar (Kerio)

Hi,

This has been addressed in Operator 2.2.3.

Vladimir

fishtech

Very good,
Thanks,
ft.

vomsupport

We upgraded to 2.2.3 but the NTP server still is open and responds to the monlist command.

Filip Jenicek (Kerio)

Hi,

The NTP protocol is secured by the built-in firewall and should be available only from the IP address group configured in Network->Firewall->Hardware Phone provisioning. The monlist command will work from those networks.

If you have a different experience, please email me your support info file (link at the bottom of the System Health screen).

Filip

vomsupport

It fails the test link at the CERT advisory

http://openntpproject.org/

pcunix

I can confirm that I can reach vomsupport's ntp with monlist from my server..

Tony Lawrence
Kerio Preferred Partner and Reseller
Certified for Connect, Control
http://aplawrence.com

vomsupport

File uploaded

[File removed by Admin]

[Updated on: Fri, 14 February 2014 07:54] by Moderator

Filip Jenicek (Kerio)


vomsupport

No message received..

Vladimir Toncar (Kerio)

@vomsupport, please check the section "Private Messaging" on this forum server or contact me at vtoncar at kerio dot com. We have a security recommendation for you that we do not want to share publicly here.

hunter19

I have also upgraded to 2.2.3 on two Operator systems I manage. I have had notification again from my ISP that the NTP server is still vulnerable and participated in a DDoS attack last night :(

Is there a fix available? My ISP are threatening to take us offline!

Filip Jenicek (Kerio)

Check the Operator's firewall configuration, make sure that provisioning is enabled only for local phones and that it is not open to the public.

Filip

hunter19

I have checked Network > Firewall, and Provisioning is set to 'local clients'. I have checked the IP address group definition, and 'local clients' are address ranges for private networks, as expected.

Are other steps required to secure this?

vomsupport

If you have access to a Linux server outside your network, you can test with this command:

/usr/sbin/ntpdc <remote server>
monlist

If you get no response, then you are protected from outside your network.

[Updated on: Wed, 19 February 2014 06:36]
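
Added example, not part of the original posts: a shell wrapper around the ntpdc monlist test described above that classifies the outcome as open or closed. The sample outputs are constructed and their layout is an assumption modelled on typical ntpdc output; `classify_monlist` and `check_host` are names chosen here.

```shell
#!/bin/sh
# Added example: interpret the result of the external "ntpdc ... monlist" test.

# Constructed sample: ntpdc output when the server answers monlist.
SAMPLE_OPEN='remote address          port local address      count m ver rstr avgint  lstint
===============================================================================
198.51.100.7             123 192.0.2.10             42 3 4      0     64       2
203.0.113.25           40211 192.0.2.10              3 7 2      0     10       5'

# Constructed sample: ntpdc output when nothing comes back.
SAMPLE_CLOSED='192.0.2.10: timed out, nothing received
***Request timed out'

# Read ntpdc output on stdin; print "OPEN <entries>", "CLOSED" or "UNKNOWN".
classify_monlist() {
    awk '
        # The monlist table header means the server answered the query.
        /^remote address +port +local address/ { header = 1; next }
        # Count table rows: remote address, port, local address, ...
        header && /^[0-9a-fA-F:.]+ +[0-9]+ +[0-9a-fA-F:.]+ / { entries++ }
        # No reply at all (filtered by the firewall or not listening).
        /timed out/ { timeout = 1 }
        END {
            if (header)       print "OPEN " (entries + 0)
            else if (timeout) print "CLOSED"
            else              print "UNKNOWN"
        }'
}

# Run the test from the thread against one host. Needs ntpdc and a vantage
# point outside the network being checked.
# -n: numeric addresses, -c: run a single command and exit.
check_host() {
    ntpdc -n -c monlist "$1" 2>&1 | classify_monlist
}

# Usage: sh check_monlist.sh <remote server>
if [ "$#" -gt 0 ]; then
    check_host "$1"
fi
```

An "OPEN" result from an outside host means the NTP port is reachable from the Internet and monlist is answered; "UNKNOWN" means ntpdc printed something else and its raw output should be read directly.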
