Using IPv6 ntp? You’ve likely been visited by Shodan and other scanners
From http://arstechnica.com/security/2016...ther-scanners/
Quote:
One of the benefits of the next-generation Internet protocol known as IPv6 is the enhanced privacy it offers over its IPv4 predecessor. With a staggering 2^128 (or about 3.4×10^38) theoretical addresses available, its IP pool is immune to the types of systematic scans that criminal hackers and researchers routinely perform to locate vulnerable devices and networks with IPv4 addresses. What's more, IPv6 addresses can contain regularly changing, partially randomized extensions. Together, the IPv6 features cloak devices in a quasi anonymity that's not possible with IPv4.
[snip]
Shodan—the vulnerability search engine that indexes Internet-connected devices—has been quietly contributing NTP services for months to the cluster of volunteer time servers known as the NTP Pool Project. To increase the number of connections to three recently identified Shodan-run servers, each one had 15 virtual IP addresses. The added addresses effectively multiplied the volume of traffic they received by 15-fold, increasing the odds that Shodan would see new devices. Within seconds of one of Shodan's NTP servers receiving a query from an IPv6 device, Shodan's main scanning engine would scan more than 100 ports belonging to the device. The Shodan scanner would then revisit the device roughly once a day.
Also see the source/original report at http://netpatterns.blogspot.de/2016/...f-network.html
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Last edited by J65nko; 1st February 2016 at 10:14 PM.
Reason: Added original report
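
The pattern the quoted article describes (an outbound IPv6 NTP query followed within seconds by probes on many ports from an unrelated address) can be looked for in flow logs. The following is an added example, not part of the original post or either linked report; the record format, the 60-second window and the five-port threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records (not real traffic):
# time, direction, source, destination, protocol, destination port.
# All addresses are in the 2001:db8::/32 documentation prefix.
SAMPLE_LOG = """\
2016-02-01T10:00:00 out 2001:db8:1::a 2001:db8:ffff::123 udp 123
2016-02-01T10:00:01 in 2001:db8:ffff::123 2001:db8:1::a udp 49152
2016-02-01T10:00:03 in 2001:db8:bad::1 2001:db8:1::a tcp 21
2016-02-01T10:00:04 in 2001:db8:bad::1 2001:db8:1::a tcp 22
2016-02-01T10:00:05 in 2001:db8:bad::1 2001:db8:1::a tcp 23
2016-02-01T10:00:06 in 2001:db8:bad::1 2001:db8:1::a tcp 80
2016-02-01T10:00:07 in 2001:db8:bad::1 2001:db8:1::a tcp 443
2016-02-01T10:00:08 in 2001:db8:bad::1 2001:db8:1::a tcp 8080
2016-02-01T10:05:00 out 2001:db8:1::b 2001:db8:eeee::123 udp 123
2016-02-01T10:05:10 in 2001:db8:2::7 2001:db8:1::b tcp 443
2016-02-01T11:00:00 in 2001:db8:bad::1 2001:db8:1::a tcp 25
"""

def parse(log):
    """Turn whitespace-separated records into time-ordered tuples."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, direction, src, dst, proto, port = line.split()
        records.append((datetime.fromisoformat(ts), direction, src, dst, proto, int(port)))
    return sorted(records)

def ntp_then_scan(records, window=timedelta(seconds=60), min_ports=5):
    """Flag remote sources that probe many ports on a host shortly after
    that host sent an NTP query. The prober need not be the NTP server."""
    last_ntp = {}               # local host -> time of its latest outbound NTP query
    probes = defaultdict(set)   # (local host, remote source) -> distinct ports probed
    for ts, direction, src, dst, proto, port in records:
        if direction == "out" and proto == "udp" and port == 123:
            last_ntp[src] = ts
        elif direction == "in" and dst in last_ntp and ts - last_ntp[dst] <= window:
            probes[(dst, src)].add(port)
    return {pair: sorted(ports) for pair, ports in probes.items() if len(ports) >= min_ports}

if __name__ == "__main__":
    for (host, source), ports in ntp_then_scan(parse(SAMPLE_LOG)).items():
        print(f"{host} probed by {source} after NTP query: ports {ports}")
```

The NTP reply, the single inbound connection to the second host and the probe an hour later all stay below the threshold or outside the window, so only the burst that follows the first query is reported.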