Re: xntpd sendto (possible hack?)

Paul Howarth wrote:

Lovell Mcilwain wrote:

Paul Howarth wrote:

Lovell Mcilwain wrote:

Paul Howarth wrote:

Lovell Mcilwain wrote:

Paul Howarth wrote:

Lovell Mcilwain wrote:

Hello all,

I just installed a logwatch on my machine and ran it for the first time just a few minutes ago. It showed me something very interesting and it was the only thing in the logwatch log. Just a bunch of the same entries. The IP address varied but most of them looked like invalid arguments except for about 3 of them that didn't. See below:

--------------------- XNTPD Begin ------------------------
**Unmatched Entries**
.....
sendto(80.190.233.67): Invalid argument
synchronized to 80.190.233.67, stratum 2
synchronized to 80.33.117.152, stratum 3
sendto(80.190.233.67): Invalid argument
.....
---------------------- XNTPD End -----------------------

Does anyone know what this means or can this possibly mean that my system has been hacked?


These entries mean that some of the ntp servers you're using (probably results returned from lookups of pool.ntp.org) aren't responding reliably. This is not unusual and may be a result of issues with your own network link.

I did check my preferences for my time server and found that I didn't have a time server specified even though I had ntp enabled. I guess my other question is, if I don't manually specify one, does it choose from any of the other ones as a default? I noticed in my ntp.conf file there are a bunch of time servers listed. But does it restrict itself to the # --- OUR TIMESERVERS ----- section?


What's the output of:
$ grep '^[^#]*server' /etc/ntp.conf


Of course, I should have known that.  Here is the output.

[root@localhost etc]# grep '^[^#]*server' /etc/ntp.conf
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server 127.127.1.0


So, as suspected, you're using the default configuration, with time servers selected essentially at random from the pool.ntp.org set.

See http://www.pool.ntp.org/ for more details, including how to limit the servers to those more local to you.

Paul.

Thanks for the clarification. I couldn't understand how I got a time server so far out, but if it's a pool then it makes more sense to me.

Lovell
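
The triage discussed in this thread, as an added example that is not part of the original messages: it lists the active server lines with the same grep pattern, tallies sendto errors per address, and marks each failing address "known" if ntpd also logged "synchronized to" for it. The function names, the 192.0.2.10 log line and the commented-out clock.example.org entry are constructed for illustration; the log format assumed is the one logwatch printed above.

```shell
#!/bin/sh
# Added example; sample inputs are constructed from the lines quoted in the thread.

# Print the active (uncommented) server lines of an ntp.conf read from stdin,
# using the same pattern as the grep in the thread.
active_servers() {
    grep '^[^#]*server'
}

# Read xntpd log lines (logwatch format, no syslog prefix) on stdin.
# For each address with sendto errors print "<address> <count> <known|unknown>";
# "known" means the daemon also logged "synchronized to" for that address.
sendto_summary() {
    awk '
        /^sendto\(/ {
            addr = $1
            sub(/^sendto\(/, "", addr)   # strip leading "sendto("
            sub(/\).*$/, "", addr)       # strip trailing "):"
            errors[addr]++
        }
        /^synchronized to / {
            addr = $3
            sub(/,$/, "", addr)          # strip trailing comma
            synced[addr] = 1
        }
        END {
            for (a in errors)
                printf "%s %d %s\n", a, errors[a], ((a in synced) ? "known" : "unknown")
        }
    ' | sort
}

# Constructed sample: the four lines from the thread plus one address
# (192.0.2.10, documentation range) that was never a sync source.
SAMPLE_LOG='sendto(80.190.233.67): Invalid argument
synchronized to 80.190.233.67, stratum 2
synchronized to 80.33.117.152, stratum 3
sendto(80.190.233.67): Invalid argument
sendto(192.0.2.10): Invalid argument'

# Constructed sample config: one commented-out entry, two active ones.
SAMPLE_CONF='# --- OUR TIMESERVERS -----
#server clock.example.org
server 0.pool.ntp.org
server 127.127.1.0'

printf '%s\n' "$SAMPLE_CONF" | active_servers
printf '%s\n' "$SAMPLE_LOG" | sendto_summary
```

An address reported as "unknown" is one to look at further, for example by checking what the configured pool names currently resolve to.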

