User profile for user: runefromtananger
runefromtananger Author
User level: Level 1
11 points

Ntp.conf file?

I have been notified by my internet-provider that I need to close an open NTP-service which allows my Mac to be used in potential DDOS attacks. They ask me to close down the NTP-service by editing/inserting two lines in the ntp.conf file. How do I locate the ntp.conf file and how do I edit the file?

iMac (27-inch Mid 2010), OS X Yosemite (10.10.2)

Posted on Apr 7, 2015 12:37 PM

Reply
6 replies
User profile for user: John Galt
John Galt
User level: Level 10
155,810 points

Apr 7, 2015 2:14 PM in response to runefromtananger

I would be extremely reluctant to do that if I were you. At the very least ask your ISP for their justification for modifying your Mac. They need to be specific. What two lines are they asking you to modify or add?


Open Terminal. It's in your Mac's Utilities folder. Determine the contents of the file /etc/ntp.conf


To do that copy and paste the following line in Terminal, and post its output:


cat /etc/ntp.conf


It does modify anything and it will not ask for your password. Close Terminal when you're finished with it.

Reply
User profile for user: VikingOSX
VikingOSX
User level: Level 10
123,464 points

Apr 7, 2015 2:22 PM in response to runefromtananger

The Date & Time System Preference has a checkbox to set date and time automatically from secure, worldwide Apple time servers. There are millions of OS X users with this setting enabled. How many ISP's are notifying these Mac users to change the contents of their NTP configuration files because of a DDOS threat?

You are being scammed, either by a threat source, or unknowledgeable ISP staff. Call up your ISP and independently verify this request. If the ISP is legitimately asking you to change a system configuration file on your Mac — find another ISP ASAP.

Reply
User profile for user: runefromtananger
runefromtananger Author
User level: Level 1
11 points

Apr 7, 2015 2:49 PM in response to John Galt

Thanks for your reply, John.

My ISP is asking me to insert these two lines in the file:


restrict default kod nomodify notrap nopeer noquery

restrict -6 default kod nomodify notrap nopeer noquery


And they are referring to this:


https://www.us-cert.gov/ncas/alerts/TA14-013A

http://thehackernews.com/2014/02/NTP-Distributed-Denial-of-Service-DDoS-attack.h tml


They are also asking me close/block port 123 with udp as protocol in my firewall.


Do you have any further comments?


I appreciate your feedback.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Ntp.conf file?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up