ISP abuse notice
Posted: Fri Jan 20, 2017 10:13 pm
The ISP for our stake center has sent me an email. I checked the headers and it seems legit, though I haven't called them and I haven't called the LDS Global Help desk. The message:
"Issue Description – A device on your network is capable of a network-impacting, distributed denial-of-service (DDoS) attack due to a flaw in the Network Time Protocol (NTP) on the device. Various commands in older versions of NTP can be easily exploited for malicious intent."
It goes on to list the evidence:
Issue Description: NTP (Port 123) Vulnerability
Vulnerable Port: 123
Vulnerable IP Address:
Timestamp: 2017-01-15 04:06:33 GMT
It includes the IP address of our connection to our ISP, which I verified. We do have a static address.
The email gives instructions on updating the NTP protocol on our server. We aren't running any servers, just Windows 7 and 10 workstations.
I wouldn't think that the ISP could even see anything on our network with the Church Cisco firewall in place. Could it be the firewall?
Another strange thing is that the email sent to me was copied to a person (@xilec.com) at a company located in Draper, UT (I am in Alabama).
Any ideas? It seems like the higher tiers of support from the Church are usually only available M-F 9 to 5, so I may just wait to call until Monday.
Thanks
Michael STS