xntpd sendto (possible hack?)
Lovell Mcilwain
lovell.mcilwain at gmail.com
Thu Sep 8 14:06:17 UTC 2005
Paul Howarth wrote:
> Lovell Mcilwain wrote:
>
>>
>>
>> Paul Howarth wrote:
>>
>>> Lovell Mcilwain wrote:
>>>
>>>> Hello all,
>>>>
>>>> I just installed a logwatch on my machine and ran it for the first
>>>> time just a few minutes ago. It showed me something very
>>>> interesting and it was the only thing in the logwatch log. Just a
>>>> bunch of the same entries. The IP address varied but most of them
>>>> looked like invalid arguments except for about 3 of them that
>>>> didn't. See below:
>>>>
>>>> --------------------- XNTPD Begin ------------------------
>>>> **Unmatched Entries**
>>>> .....
>>>> sendto(80.190.233.67): Invalid argument
>>>> synchronized to 80.190.233.67, stratum 2
>>>> synchronized to 80.33.117.152, stratum 3
>>>> sendto(80.190.233.67): Invalid argument
>>>> .....
>>>> ---------------------- XNTPD End -----------------------
>>>>
>>>> Does anyone know what this means or can this possibly mean that my
>>>> system has been hacked?
>>>
>>>
>>>
>>>
>>> These entries mean that some of the ntp servers you're using
>>> (probably results returned from lookups of pool.ntp.org) aren't
>>> responding reliably. This is not unusual and may be a result of
>>> issues with your own network link.
>>>
>>> Paul.
>>>
>> I did check my preferences for my time server and found that I didn't
>> have a time server specified even though I had ntp enabled. I guess
>> my other question is, if I don't manually specify one, does it choose
>> from any of the other ones as a default? I noticed in my ntp.conf
>> file there a bunch of time servers listed. But does it restrict
>> itself to the # --- OUR TIMESERVERS ----- section?
>
>
> What's the output of:
> $ grep '^[^#]*server' /etc/ntp.conf
>
> Paul.
>
The command was not recognized.
root at localhost etc]# $ grep '^[^#]*server' /etc/ntp.conf
-bash: $: command not found
[root at localhost etc]#
More information about the users
mailing list