xntpd sendto (possible hack?)
Lovell Mcilwain
lovell.mcilwain at gmail.com
Thu Sep 8 14:35:08 UTC 2005
Paul Howarth wrote:
> Lovell Mcilwain wrote:
>
>>
>> Paul Howarth wrote:
>>
>>> Lovell Mcilwain wrote:
>>>
>>>>
>>>> Paul Howarth wrote:
>>>>
>>>>> Lovell Mcilwain wrote:
>>>>>
>>>>>> Hello all,
>>>>>>
>>>>>> I just installed a logwatch on my machine and ran it for the
>>>>>> first time just a few minutes ago. It showed me something very
>>>>>> interesting and it was the only thing in the logwatch log. Just
>>>>>> a bunch of the same entries. The IP address varied but most of
>>>>>> them looked like invalid arguments except for about 3 of them
>>>>>> that didn't. See below:
>>>>>>
>>>>>> --------------------- XNTPD Begin ------------------------
>>>>>> **Unmatched Entries**
>>>>>> .....
>>>>>> sendto(80.190.233.67): Invalid argument
>>>>>> synchronized to 80.190.233.67, stratum 2
>>>>>> synchronized to 80.33.117.152, stratum 3
>>>>>> sendto(80.190.233.67): Invalid argument
>>>>>> .....
>>>>>> ---------------------- XNTPD End -----------------------
>>>>>>
>>>>>> Does anyone know what this means or can this possibly mean that
>>>>>> my system has been hacked?
>>>>>
>>>>> These entries mean that some of the ntp servers you're using
>>>>> (probably results returned from lookups of pool.ntp.org) aren't
>>>>> responding reliably. This is not unusual and may be a result of
>>>>> issues with your own network link.
>>>>>
>>>>> Paul.
>>>>>
>>>> I did check my preferences for my time server and found that I
>>>> didn't have a time server specified even though I had ntp enabled.
>>>> I guess my other question is, if I don't manually specify one, does
>>>> it choose from any of the other ones as a default? I noticed in my
>>>> ntp.conf file there are a bunch of time servers listed. But does it
>>>> restrict itself to the # --- OUR TIMESERVERS ----- section?
>>>
>>> What's the output of:
>>> $ grep '^[^#]*server' /etc/ntp.conf
>>>
>>> Paul.
>>>
>> The command was not recognized.
>> root@localhost etc]# $ grep '^[^#]*server' /etc/ntp.conf
>> -bash: $: command not found
>> [root@localhost etc]#
>
> "$" was the prompt; "grep" was the command. You don't need to be root
> to run this.
>
> Paul.
Of course, I should have known that. Here is the output.
[root@localhost etc]# grep '^[^#]*server' /etc/ntp.conf
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server 127.127.1.0
[root@localhost etc]#
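
A triage sketch for the two checks in this thread, added here as an example and not part of the original messages: it lists the active `server` lines of an ntp.conf (matching the directive itself rather than any uncommented line containing "server") and tallies `sendto` errors per address, noting whether ntpd also reported synchronizing to that address. The function names, the output labels and the sample config and log text are constructed for illustration; 127.127.1.0 is ntpd's local-clock reference driver, not a network peer.

```shell
#!/bin/sh
# Constructed sample config: the four active server lines are the ones
# posted in the thread; the commented-out server and fudge line are made up.
sample_conf() {
cat <<'EOF'
# --- OUR TIMESERVERS -----
#server 192.0.2.10
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server 127.127.1.0
fudge 127.127.1.0 stratum 10
EOF
}

# Constructed sample log, using the logwatch lines quoted in the thread.
sample_log() {
cat <<'EOF'
sendto(80.190.233.67): Invalid argument
synchronized to 80.190.233.67, stratum 2
synchronized to 80.33.117.152, stratum 3
sendto(80.190.233.67): Invalid argument
EOF
}

# Print each active "server" source and its kind. 127.127.x.x addresses
# select reference-clock drivers (127.127.1.0 = local clock), not peers.
active_servers() {
    awk '$1 == "server" {
        kind = ($2 ~ /^127\.127\./) ? "refclock" : "network"
        print $2, kind
    }'
}

# Per address: count of sendto errors, and whether ntpd also logged
# "synchronized to" for it (i.e. it is one of the daemon's time sources).
sendto_summary() {
    awk '
    /sendto\(/ { a = $0; sub(/.*sendto\(/, "", a); sub(/\).*/, "", a); err[a]++ }
    /synchronized to/ { a = $0; sub(/.*synchronized to /, "", a); sub(/,.*/, "", a); sync[a] = 1 }
    END { for (a in err) print a, err[a], ((a in sync) ? "known-peer" : "unseen-peer") }'
}

sample_conf | active_servers
sample_log  | sendto_summary
```

On a real system, feed `active_servers` from `/etc/ntp.conf` and `sendto_summary` from the ntpd lines in the system log.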