The ISP for our stake center has sent me an email. I checked the headers and it seems legit, though I haven't called them and I haven't called LDS Global Help desk. The message:
"Issue Description – A device on your network is capable of a network-impacting, distributed denial-of-service (DDoS) attack due to a flaw in the Network Time Protocol (NTP) on the device. Various commands in older versions of NTP can be easily exploited for malicious intent."
It goes on to list the evidence:
Issue Description: NTP (Port 123) Vulnerability
Vulnerable Port: 123
Vulnerable IP Address:
Timestamp: 2017-01-15 04:06:33 GMT
It includes the IP address of our connection to our ISP, which I verified. We do have a static address.
The email gives instructions on updating NTP protocol on our server. We aren't running any servers. Just Windows 7 and 10 workstations.
I wouldn't think that the ISP could even see anything on our network with the Church Cisco Firewall in place. Could it be the firewall?
Another strange thing is the email sent to me was copied to a person (@xilec.com) at a company located in Draper, UT (I am in Alabama).
Any ideas? Seems like the higher tiers of support from the church are usually only available M-F 9 to 5, so I may just wait to call until Monday.
Thanks
Michael STS
ISP abuse notice
-
- New Member
- Posts: 32
- Joined: Wed Jul 20, 2011 10:30 am
- Location: Birmingham, AL USA
-
- Community Administrator
- Posts: 34422
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: ISP abuse notice
Try this: While on your church network, navigate to grc.com. Click on "ShieldsUp!" on the first two screens. Then "Proceed". Type in "123" and click "User Specified Custom Port Probe". I'd expect you to get "stealth".
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
-
- New Member
- Posts: 32
- Joined: Wed Jul 20, 2011 10:30 am
- Location: Birmingham, AL USA
Re: ISP abuse notice
I did get Stealth as the result.
Also found out that Xilec is a company that handles some billing for the church, so they are on the account.
-
- Community Administrator
- Posts: 34422
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: ISP abuse notice
Wild speculation: might be what the ISP has noticed is that something on the network is using an old NTP protocol. It's not reachable from the outside, but if someone were to attack from within, then it could flood the internet. A quick Google shows a couple of people have received notices from Zen Internet.
-
- New Member
- Posts: 32
- Joined: Wed Jul 20, 2011 10:30 am
- Location: Birmingham, AL USA
Re: ISP abuse notice
In talking to our Facilities Manager, they have gotten several of the notices, all from the same ISP: Charter / Spectrum. The other issue here is the "threat" they give if it isn't resolved:
"Please be advised that Spectrum’s Acceptable Use Policy (AUP) explicitly prohibit actions, whether intentional or unintentional, that disrupt Charter’s network. These policies are available on https://www.charter.net/page/terms-of-service-policies/ for your convenience.
Repeated events and/or complaints pertaining to this network abuse issue may result in an interruption of your service. "
-
- Community Administrator
- Posts: 34422
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: ISP abuse notice
miken2av wrote: In talking to our Facilities Manager they have gotten several of the notices
Which makes me wonder - what devices does FM have connected to the network? They may be what's triggering the notice. Things like thermostats, sprinkler timers, etcetera will likely make time requests and are notorious for not getting software updates. These things may pre-date the phrase "Internet of Things" (IoT), but that's what they are.
I can't rule out something on the router, but it would be something of a major cringe for the church's networking department to let them get that far out of date. However, when it comes to FM's devices ....
Note that insecure IoT devices are now a major concern to ISPs and the biggest threat to the Internet itself. 10 things to know about the October 21 IoT DDoS attacks. Unfortunately, many users and companies don't see a problem with their unsecure devices because "hey, it works".
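One way to find which internal device is answering NTP (UDP port 123) queries from outside is to classify packets captured on the LAN side of the firewall by NTP mode and direction. This is an added example, not part of the original thread; the LAN range, the addresses, the sample packets and the `find_responders` helper are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.10.0/24")  # assumed internal range (hypothetical)

def is_server_reply(payload: bytes) -> bool:
    """True if the NTP payload is something only a responder sends."""
    if len(payload) < 2:
        return False
    mode = payload[0] & 0x07           # low 3 bits of byte 0 are the NTP mode
    if mode == 4:                      # server reply to a client query
        return True
    if mode == 6:                      # control: response bit is 0x80 of byte 1
        return bool(payload[1] & 0x80)
    if mode == 7:                      # private: response bit is 0x80 of byte 0
        return bool(payload[0] & 0x80)
    return False                       # modes 1-3, 5: client/peer/broadcast traffic

def find_responders(packets):
    """Summarise internal hosts that send NTP replies to external addresses."""
    hits = defaultdict(lambda: {"replies": 0, "bytes": 0, "modes": set()})
    for src, dst, payload in packets:
        inside = ipaddress.ip_address(src) in LAN
        outbound = ipaddress.ip_address(dst) not in LAN
        if inside and outbound and is_server_reply(payload):
            h = hits[src]
            h["replies"] += 1
            h["bytes"] += len(payload)
            h["modes"].add(payload[0] & 0x07)
    return dict(hits)

# Constructed sample: (src, dst, UDP payload) as seen on the LAN side of the firewall.
SAMPLE = [
    ("192.168.10.21", "203.0.113.5", bytes([0x23]) + bytes(47)),    # client query
    ("203.0.113.5", "192.168.10.21", bytes([0x24]) + bytes(47)),    # inbound reply
    ("192.168.10.30", "203.0.113.5", bytes([0x19]) + bytes(47)),    # symmetric-active peer
    ("192.168.10.77", "198.51.100.9", bytes([0x97]) + bytes(439)),  # private-mode reply
    ("192.168.10.77", "198.51.100.9", bytes([0x97]) + bytes(439)),
    ("192.168.10.77", "192.168.10.21", bytes([0x24]) + bytes(47)),  # LAN-only, ignored
    ("192.168.10.90", "198.51.100.9", bytes([0x16, 0x82]) + bytes(10)),  # control reply
]

if __name__ == "__main__":
    for host, info in find_responders(SAMPLE).items():
        print(host, info)
```

Workstations that only synchronise their clocks send modes 1 or 3 and never appear in the result; a host that does appear is replying to the outside and is the one to update or block.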
-
- Member
- Posts: 124
- Joined: Tue May 01, 2007 3:13 pm
- Location: Oregon
Re: ISP abuse notice
miken2av wrote: Another strange thing is the email sent to me was copied to a person (@xilec.com) at a company located in Draper, UT (I am in Alabama)
Xilec is a contractor the church uses to pay ISPs. Supposedly they monitor the bills and look for better deals. In fact, I don't think they do anything except pay the bills. If you check the address you will find it is a residential address.