xntpd sendto (possible hack?)

Paul Howarth paul at city-fan.org
Thu Sep 8 14:01:13 UTC 2005


Lovell Mcilwain wrote:
> 
> 
> Paul Howarth wrote:
> 
>> Lovell Mcilwain wrote:
>>
>>> Hello all,
>>>
>>> I just installed a logwatch on my machine and ran it for the first 
>>> time just a few minutes ago.  It showed me something very interesting 
>>> and it was the only thing in the logwatch log.  Just a bunch of the 
>>> same entries.  The IP address varied but most of them looked like 
>>> invalid arguments except for about 3 of them that didn't.  See below:
>>>
>>> --------------------- XNTPD Begin ------------------------
>>> **Unmatched Entries**
>>> .....
>>> sendto(80.190.233.67): Invalid argument
>>> synchronized to 80.190.233.67, stratum 2
>>> synchronized to 80.33.117.152, stratum 3
>>> sendto(80.190.233.67): Invalid argument
>>> .....
>>> ---------------------- XNTPD End -----------------------
>>>
>>> Does anyone know what this means or can this possibly mean that my 
>>> system has been hacked?
>>
>>
>>
>> These entries mean that some of the ntp servers you're using (probably 
>> results returned from lookups of pool.ntp.org) aren't responding 
>> reliably. This is not unusual and may be a result of issues with your 
>> own network link.
>>
>> Paul.
>>
> I did check my preferences for my time server and found that I didn't 
> have a time server specified even though I had ntp enabled.  I guess my 
> other question is, if I don't manually specify one, does it choose from 
> any of the other ones as a default?  I noticed in my ntp.conf file there are
> a bunch of time servers listed.  But does it restrict itself to the # 
> --- OUR TIMESERVERS ----- section?

What's the output of:
$ grep '^[^#]*server' /etc/ntp.conf

Paul.
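
The check asked for above, extended to tally the logwatch lines per destination, as an added example that is not part of the original thread. The ntp.conf contents and the 192.0.2.10 log line are constructed samples, the function names are illustrative, and the awk match on the first field is stricter than the grep in the message.

```shell
#!/bin/sh
# Added example; the sample file contents below are constructed.

# active_servers FILE: host of every uncommented server/peer line.
active_servers() {
    awk '{ sub(/#.*/, "") } $1 == "server" || $1 == "peer" { print $2 }' "$1"
}

# sendto_summary FILE: one line per sendto() destination with its error count
# and whether the daemon also reported synchronizing to that address.
sendto_summary() {
    awk '
        match($0, /sendto\([0-9.]+\)/) {
            ip = substr($0, RSTART + 7, RLENGTH - 8)   # text between the parentheses
            err[ip]++
        }
        /synchronized to / {
            for (i = 1; i < NF; i++)
                if ($i == "to") { s = $(i + 1); sub(/,$/, "", s); sync[s] = 1 }
        }
        END {
            for (ip in err)
                printf "%s %d %s\n", ip, err[ip], (ip in sync) ? "time-source" : "no-sync-seen"
        }' "$1" | sort
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed ntp.conf: one commented-out server, two active ones.
cat > "$tmp/ntp.conf" <<'EOF'
# --- OUR TIMESERVERS -----
# server 0.pool.ntp.org
server 1.pool.ntp.org
server 127.127.1.0   # local clock
restrict default nomodify
EOF

# First four lines are the logwatch entries quoted in the thread;
# the last line is constructed to show a destination with no sync record.
cat > "$tmp/messages" <<'EOF'
sendto(80.190.233.67): Invalid argument
synchronized to 80.190.233.67, stratum 2
synchronized to 80.33.117.152, stratum 3
sendto(80.190.233.67): Invalid argument
sendto(192.0.2.10): Invalid argument
EOF

active_servers "$tmp/ntp.conf"
sendto_summary "$tmp/messages"
```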