Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Unexpected origin timestamp?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
dasPaul
Apprentice
Apprentice


Joined: 14 Feb 2012
Posts: 192
Location: Dresden

PostPosted: Mon Feb 15, 2016 6:42 am    Post subject: Unexpected origin timestamp? Reply with quote

I have ntpd which starts with boot.
Someone trying to attack my ntpd service?
Quote:
ntpd[2860]: Listen normally on 2 eth0 XXX.XXX.XXX.XXX:XXX
ntpd[2860]: receive: Unexpected origin timestamp 0xda6bee98.a20892fe from 85.XX.XX.XX xmt 0xda6bee98.431ca7d6


Should I worry? ntpd -v Ver. 4.2.8p6
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

PostPosted: Mon Feb 15, 2016 11:30 am    Post subject: Re: Unexpected origin timestamp? Reply with quote

dasPaul wrote:
Should I worry? ntpd -v Ver. 4.2.8p6

dasPaul ... no, it seems to be a "priming-the-pump attack" and should be fixed in ntpd > v4.2.8p4 (see link).

best ... khay
Back to top
View user's profile Send private message
Syl20
Guru
Guru


Joined: 04 Aug 2005
Posts: 564
Location: France

PostPosted: Mon Feb 15, 2016 1:09 pm    Post subject: Reply with quote

Do you need to make ntpd listen on internet ? If not, you should set
Code:
interface ignore wildcard
interface listen <the needed NICs only>

in ntp.conf, and/or use some "restrict" rules.

You can (should ?) add a sufficiently restricting firewall to avoid unexpected connections too.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum