FreeNas Naughty NTP

Seems like FreeNas 9.2.0 and earlier shipped with ntpd enabled and listening for monitoring requests. Recently got a notice that one of my machines was part of a DDoS attack on port 123 (NTP). It was an NTP reflection attack and my freenas box was responding to the requests.

I should say, this will only affect you if your FreeNas box is internet facing or if you have port 123 forwarded to it.

So for a fix, I ssh’d in and edited /etc/ntp.conf

Added:

disable monitor

Then stopped and restarted ntpd

service ntpd stop

service ntpd start

To verify that the problem is fixed,

ntpdc -n -c monlist 127.0.0.1

ntpdc should now return an error instead of a list of recent client addresses. If it still prints that list, the monitor feature is still enabled.

Then, to make the change survive a reboot (FreeNas regenerates /etc/ntp.conf from the ix-ntpd script), remount the root file system read-write:

mount -uw /

vi /conf/base/etc/ix.rc.d/ix-ntpd

scroll down to where you see EOF and right before that insert (i in vi):

disable monitor

Hit esc to exit insert mode and type :wq enter to save and quit

Make the file system read only again

mount -ur /

That should do it.  Your other option is to upgrade to 9.2.1 or higher.
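As an added example, not from the original post, here is a small POSIX shell helper that applies the same two edits non-interactively: it appends "disable monitor" to an ntp.conf-style file if it is missing, and inserts the line right before the EOF heredoc terminator in an ix-ntpd-style script so the regenerated config keeps it. File paths are passed as arguments; the defaults are the paths named above.

```shell
#!/bin/sh
# Added example (not FreeNas project code). Assumes the ix-ntpd script
# writes ntp.conf with a heredoc terminated by a line that is exactly "EOF".

# Return 0 if the file already has an uncommented "disable monitor" line.
has_disable_monitor() {
    grep -Eq '^[[:space:]]*disable[[:space:]]+monitor([[:space:]]|$)' "$1"
}

# Append "disable monitor" to a live ntp.conf (default /etc/ntp.conf).
ensure_ntp_conf() {
    f=${1:-/etc/ntp.conf}
    has_disable_monitor "$f" && return 0
    printf 'disable monitor\n' >> "$f"
}

# Insert "disable monitor" just before the first "EOF" line of the
# ix-ntpd generator script (default /conf/base/etc/ix.rc.d/ix-ntpd).
# Idempotent: a second run changes nothing.
ensure_ix_ntpd() {
    f=${1:-/conf/base/etc/ix.rc.d/ix-ntpd}
    has_disable_monitor "$f" && return 0
    awk '!done && $0 == "EOF" { print "disable monitor"; done = 1 } { print }' \
        "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Return 0 if a monlist query against HOST still yields a client table
# (ntpdc prints a "remote address" header only when monitor is enabled).
monlist_exposed() {
    ntpdc -n -c monlist "${1:-127.0.0.1}" 2>&1 | grep -q 'remote address'
}
```

On the box itself the sequence is: mount -uw /, run ensure_ntp_conf and ensure_ix_ntpd, mount -ur /, restart ntpd, then confirm monlist_exposed returns non-zero.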
