On Tue, 2011-08-30 at 20:15 -0400, brian wrote:
> On 08/30/2011 07:58 PM, Always Learning wrote:
> >
> > Curiously examining some of the blocked IP addresses in the daily
> > Logwatch report, I notice strange sites attempting to connect to our
> > servers on port 123 (the time port).
> >
> > I also notice our servers successfully contacting official time
> > reference centres which are not those sites trying to connect to us. I
> > notice too the installed time software is listening on every available
> > IP. I cannot identify any options in any configuration files to
> > turn off this listening.
> >
> > Why are unknown sites attempting to connect to our server to, I assume,
> > sample the time and how does one turn off the software's listening on
> > every IP address, including 127.0.0.1?

> You can use iptables to block that port for all but specified addresses...
>
> assuming you have iptables set up to deny (drop) all by default, simply adding
>
> -A INPUT -s xxx.xxx.xxx.xxx/255.255.255.0 -i eth0 -p tcp -m tcp --dport 123 -j ACCEPT

I think the -i eth0 is not needed with only one physical network
interface. I don't use -m tcp and the instruction shown in your example
works well without the -m tcp.

Using IPtables caused the blocked ports with their IP addresses and their
packet details to appear in Logwatch. As a keen user of IPtables I am
currently looking at blocking some packets on their contents
(-m string ......) before trying the 'bad guy' site IP blocking
determined by hackers' packets (-m recent .......)

However I am curious to know why strange sites contact our servers on
port 123 and why the installed CentOS time software listens on every
available IP address.

Best regards,

Paul.

--
With best regards,

Paul.
England,
EU.
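Added example, not part of the original message or of any poster's configuration: a small script that groups the port 123 packets logged by iptables by source, protocol and source port, and marks whether each source is one of the host's own configured time servers. It assumes the packets were logged in the kernel's iptables LOG format; the log lines, addresses and the `UPSTREAM` set are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel's iptables LOG format.
# Addresses come from documentation ranges; none are from the thread.
SAMPLE_LOG = """\
Aug 30 03:12:01 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=76 TTL=52 PROTO=UDP SPT=123 DPT=123 LEN=56
Aug 30 03:12:09 host kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 LEN=76 TTL=49 PROTO=UDP SPT=40211 DPT=123 LEN=56
Aug 30 03:12:41 host kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 LEN=76 TTL=49 PROTO=UDP SPT=40211 DPT=123 LEN=56
Aug 30 03:13:02 host kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=51514 DPT=22 WINDOW=5840 SYN
"""

# Assumption: the time servers this host is configured to query.
UPSTREAM = {"198.51.100.7"}

# Only the fields needed for the summary are extracted from each line.
FIELD = re.compile(r"\b(SRC|PROTO|SPT|DPT)=(\S+)")


def summarize_ntp_drops(log_text, upstream_servers):
    """Count logged packets aimed at port 123.

    Keys are (source IP, protocol, source-port class, origin), where origin
    is "upstream" for a configured time server and "unknown" otherwise.
    """
    counts = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        # Skip lines that are not port 123 traffic or lack the needed fields.
        if f.get("DPT") != "123" or "SRC" not in f or "PROTO" not in f:
            continue
        origin = "upstream" if f["SRC"] in upstream_servers else "unknown"
        # NTP daemons send from port 123; other clients use an ephemeral port.
        sport = "from-123" if f.get("SPT") == "123" else "from-other-port"
        counts[(f["SRC"], f["PROTO"], sport, origin)] += 1
    return counts


if __name__ == "__main__":
    for key, n in sorted(summarize_ntp_drops(SAMPLE_LOG, UPSTREAM).items()):
        print(n, *key)
```

The protocol column also shows whether a logged packet was UDP or TCP, which matters when comparing the log against a rule written with `-p tcp`.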