FreeNas Naughty NTP


Seems like FreeNas 9.2.0 and earlier shipped with ntpd enabled and listening for monitoring requests.  Recently got a notice that one of my machines was part of a DDoS attack on port 123 (NTP).  It was a NTP reflection attack and my freenas box was responding to the requests.

I should say, this will only affect you if your FreeNas box is internet facing or if you have port 123 forwarded to it.

So for a fix, ssh’d in and edited /etc/ntp.conf

Added:

disable monitor

Then stopped and restarted ntpd

service ntpd stop

service ntpd start

To verify that the problem is fixed,

ntpdc -n -c monlist 127.0.0.1

You should get a no connection error…or something like that.

Then, we want to:

mount -uw /

vi /conf/base/etc/ix.rc.d/ix-ntpd

scroll down to where you see EOF and right before that insert (i in vi):

disable monitor

Hit esc to exist insert mode and type :wq enter to save and quit

Make the file system read only again

mount -ur /

That should do it.  Your other option is to upgrade to 9.2.1 or higher.

Contemplating the next writeup.


Wondering if there is more interest in a writeup on setting up owncloud on FreeNAS 9.2.1 or if you’d rather have a writeup on setting up CrashPlan on FreeNAS 9.2.1?  I have owncloud working, so that would be the easier one.  CrashPlan is a difficult little bugger, so that will take some more work.  Or maybe there is something else entirely.  Vote it up and we’ll see what happens.