View previous topic :: View next topic |
Author |
Message |
dasPaul Apprentice
Joined: 14 Feb 2012 Posts: 243 Location: Dresden
|
Posted: Mon Feb 15, 2016 6:42 am Post subject: Unexpected origin timestamp? |
|
|
I have ntpd which starts with boot.
Someone trying to attack my ntpd service?
Quote: | ntpd[2860]: Listen normally on 2 eth0 XXX.XXX.XXX.XXX:XXX
ntpd[2860]: receive: Unexpected origin timestamp 0xda6bee98.a20892fe from 85.XX.XX.XX xmt 0xda6bee98.431ca7d6 |
Should I worry? ntpd -v Ver. 4.2.8p6 |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Mon Feb 15, 2016 11:30 am Post subject: Re: Unexpected origin timestamp? |
|
|
dasPaul wrote: | Should I worry? ntpd -v Ver. 4.2.8p6 |
dasPaul ... no, it seems to be a "priming-the-pump attack" and should be fixed in ntpd > v4.2.8p4 (see link).
best ... khay |
|
Back to top |
|
|
Syl20 l33t
Joined: 04 Aug 2005 Posts: 619 Location: France
|
Posted: Mon Feb 15, 2016 1:09 pm Post subject: |
|
|
Do you need to make ntpd listen on internet ? If not, you should set
Code: | interface ignore wildcard
interface listen <the needed NICs only> |
in ntp.conf, and/or use some "restrict" rules.
You can (should ?) add a sufficiently restricting firewall to avoid unexpected connections too. |
|
Back to top |
|
|
|