FreeNAS Naughty NTP


Seems like FreeNAS 9.2.0 and earlier shipped with ntpd enabled and listening for monitoring requests. I recently got a notice that one of my machines was part of a DDoS attack on port 123 (NTP). It was an NTP reflection attack, and my FreeNAS box was responding to the requests.

I should say, this will only affect you if your FreeNAS box is internet-facing or if you have port 123 forwarded to it.

So for a fix, ssh’d in and edited /etc/ntp.conf

Added:

disable monitor

Then stopped and restarted ntpd

service ntpd stop

service ntpd start

To verify that the problem is fixed,

ntpdc -n -c monlist 127.0.0.1

You should get a no connection error…or something like that.

Then, we want to:

mount -uw /

vi /conf/base/etc/ix.rc.d/ix-ntpd

Scroll down to where you see EOF and, right before that, insert (i in vi):

disable monitor

Hit Esc to exit insert mode, then type :wq and press Enter to save and quit.

Make the file system read-only again:

mount -ur /

That should do it.  Your other option is to upgrade to 9.2.1 or higher.
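
The steps above put the directive in two places, the live /etc/ntp.conf and the ix-ntpd script, so it is worth checking both after a reboot or update. The audit below is an added example, not part of the original post or of FreeNAS; the function names and the sample files in `demo` are made up for illustration, and the `limited` check is taken from ntp.conf(5) rather than from the post.

```shell
#!/bin/sh
# Added example (not FreeNAS code): audit ntpd config files for the monlist fix.

# has_flag FILE DIRECTIVE FLAG: true if an uncommented DIRECTIVE line lists FLAG.
has_flag() {
    awk -v d="$2" -v f="$3" '
        { sub(/#.*/, "") }                       # ignore comments
        $1 == d { for (i = 2; i <= NF; i++) if ($i == f) found = 1 }
        END { exit !found }' "$1"
}

# audit_ntp_monitor FILE...: one status line per file; non-zero if any needs work.
audit_ntp_monitor() {
    rc=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "MISSING $f"; rc=1
        elif ! has_flag "$f" disable monitor; then
            echo "FAIL    $f: no active 'disable monitor'"; rc=1
        elif has_flag "$f" restrict limited; then
            # ntp.conf(5): a restrict entry with the "limited" flag keeps the
            # monitoring facility active, so "disable monitor" is not enough.
            echo "WARN    $f: 'restrict ... limited' keeps monitoring on"; rc=1
        else
            echo "OK      $f"
        fi
    done
    return "$rc"
}

# demo: run the audit over constructed sample files (not real FreeNAS content).
demo() {
    d=$(mktemp -d) || return 1
    # Live config where the directive is only present as a comment.
    printf '%s\n' 'server ntp.example.invalid' '#disable monitor' > "$d/ntp.conf"
    # Generator script with the directive placed before EOF, as in the steps above.
    printf '%s\n' 'cat > /etc/ntp.conf <<EOF' 'server ntp.example.invalid' \
        'disable monitor' 'EOF' > "$d/ix-ntpd"
    audit_ntp_monitor "$d/ntp.conf" "$d/ix-ntpd" && out=0 || out=$?
    rm -rf "$d"
    return "$out"
}

# Usage: pass "demo", or the paths to check; with no arguments nothing runs.
case "${1:-}" in demo) demo ;; ?*) audit_ntp_monitor "$@" ;; esac
```

Saved under a name of your choosing, it takes the two paths from the post as arguments: /etc/ntp.conf and /conf/base/etc/ix.rc.d/ix-ntpd.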

Contemplating the next writeup.


Wondering if there is more interest in a writeup on setting up ownCloud on FreeNAS 9.2.1 or if you’d rather have a writeup on setting up CrashPlan on FreeNAS 9.2.1?  I have ownCloud working, so that would be the easier one.  CrashPlan is a difficult little bugger, so that will take some more work.  Or maybe there is something else entirely.  Vote it up and we’ll see what happens.