Menu
Reply
  • 1
  • 0
  • 0
Jimbo123456789
Just joined
124 Views
Message 1 of 2
Flag for a moderator

Bogus NTP Monlist letters

I keep receiving letters from Virgin saying that they've detected a vulnerable NTP server on my IP.

I can categorically say that this isn't the case. Even if I were running an NTP server on my network, which I'm not, my network is completely NAT'd. The only service which is reachable through the firewall on my router is a SSH server on a non-standard port (not 123 before you ask). 

I've verified from external IPs that there is no NTP server reachable, the firewall is configured to drop packets, you don't even get a closed socket response so the scan results are clearly incorrect. Even the self-scan service they recommend (openntpproject.org) indicates that there are no ntp servers reachable on my external ip or even the same /24 subnet.

The only contact details in the letter are a postal address, so is my only option to send them a letter in order to get them to stop mailing me?

0 Kudos
Reply
  • 1.43K
  • 154
  • 458
Superuser
Superuser
99 Views
Message 2 of 2
Flag for a moderator

Re: Bogus NTP Monlist letters

Rather that writing a letter to Virgin Media you may find it more productive to contact the Shadowserver Foundation to request your IP's scan results.