Open NTP Vulnerability letter
 

I received this yesterday, is it a generic letter they are sending out to everyone or are they targetting people identified as having this vulnerability?
I went to the website mentioned in the letter openntpproject.org but still really have no clue what it is I'm supposed to do :(

Re: Open NTP Vulnerability letter
 

I had one of those, found out it was my clearos router that had a ntp server running. Just turned the ntp server
off and never had another letter.

Re: Open NTP Vulnerability letter
 

it is nice that VM are being proactive in their network security but I think they are digging themselves a hole.

https://www.cableforum.co.uk/images/...2014/08/10.jpg

The website they ask you to go to isn't particularly user friendly and they are sort of scaring customers into going to PC World (who are useless) and paying money to get it fixed.

Re: Open NTP Vulnerability letter
 

I have a Synology NAS and in the firewall settings for that I found an option to disable NTP Service on port 123 which I've now done.
I'm assuming this is what Virgin were referring to (or at least I hope so) and no I wouldn't go near the numpties at PC World to sort something like this out they wouldn't have a clue :)

Re: Open NTP Vulnerability letter
 

I would love to walk in and do a survey and see if any of them actually know what ntp is.

Re: Open NTP Vulnerability letter
 

I assume this is sent out with the recent NTP amplification attack which generated around 400 Gbps traffic :shocked:

Re: Open NTP Vulnerability letter
 

lol, you just cant imagine having that amount of bandwidth at your fingertips.

Re: Open NTP Vulnerability letter
 

It's really not that exciting.

Re: Open NTP Vulnerability letter
 

What DSM version are you running? CVE-2013-5211 should have been fixed back in one of the DSM 4.3 updates and of course DSM5.0.4493 update4 is also available if your DS model is comparable?
Synology (Amazon cloudfront CDN)website appears temporarily unavailable but worth checking release notes as NTP vulnerability is one of many if you're not up-to-date!

Re: Open NTP Vulnerability letter
 

I have been on DSM5.0.4493 for a while and updated to update4 this week so not sure what else it could be if not the Synology box?

Re: Open NTP Vulnerability letter
 

Are they sending out to everyone who just has an NTP server public facing or only the ones that are actually vulnerable to the monlist type issues? It's the initial question asked in this thread but still no answered and would help everyone to know the answer.

Re: Open NTP Vulnerability letter
 

the way the VM letter is worded it sounds like they have done a port scan and/or other tests and have only sent the letter out to those who are vulnerable.

Re: Open NTP Vulnerability letter
 

It does say vulnerable in the letter but I have seen similar letters in different arena's that have been based on nothing more than a port scan. Guess that's why i'm less trusting of these letters and on top of that, its VM :p:

Re: Open NTP Vulnerability letter
 

Same here on a DS411J and I haven't received any similar letters. The NTP reflection/amplification vulnerability was also fixed in 4.3 by Synology in March anyway.
DSM5 should already be corrected[**], so unless VM checked prior to March then you shouldn't be causing the problem from the Synology ntp server anyway[*]?

[*] You only need NTP server typically when running Surveillance station (or High Availabilty) options. Using the normal port123 to sync the NAS to an external NTP server is not the vulnerability.

[**] I SSH'd into my DSM5.0.4493-4 and checked ntpdc "monlist" which reassuringly didn't respond. However I note the build was compiled 29May2014 so perhaps if VM ran a check for open NTP servers prior to any DSM5 June build it might have flagged it?