On 08/30/2011 07:58 PM, Always Learning wrote: > > Curiously examining some of the blocked IP addresses in the daily > Logwatch report, I notice strange sites attempting to connect to our > servers on port 123 (the time port). > > I also notice our servers successfully contacting official time > references centres which are not those sites trying to connect to us. I > notice too the installed time software is listening on every available > IP. I can not identity any options in any configuration files to > turn-off this listening. > > Why are unknown sites attempting to connect to our server to, I assume, > sample the time and how does one turn-off the software's listening on > every IP address, including 127.0.0.1 ? > > Thanks, > > Paul. > You can use iptables to block that port for all but specified addresses... assuming you have iptables set up to deny (drop) all by default, simply adding -A INPUT -s xxx.xxx.xxx.xxx/255.255.255.0 -i eth0 -p tcp -m tcp --dport 123 -j ACCEPT ...to your rule list will allow the specified net address(es) to contact you on port 123. the above, of course, assumes your input port is eth0 (change that, if different on your system), and that the NTP server uses TCP protocol (change that to UDP, otherwise). should be enough to get you started on the right track, anyway.