Seems like FreeNas 9.2.0 and earlier shipped with ntpd enabled and listening for monitoring requests. Recently got a notice that one of my machines was part of a DDoS attack on port 123 (NTP). It was a NTP reflection attack and my freenas box was responding to the requests.
I should say, this will only affect you if your FreeNas box is internet facing or if you have port 123 forwarded to it.
So for a fix, ssh’d in and edited /etc/ntp.conf
Then stopped and restarted ntpd
service ntpd stop
service ntpd start
To verify that the problem is fixed,
ntpdc -n -c monlist 127.0.0.1
You should get a no connection error…or something like that.
Then, we want to:
mount -uw /
scroll down to where you see EOF and right before that insert (i in vi):
Hit esc to exist insert mode and type :wq enter to save and quit
Make the file system read only again
mount -ur /
That should do it. Your other option is to upgrade to 9.2.1 or higher.