xntpd sendto (possible hack?)
Paul Howarth
paul at city-fan.org
Thu Sep 8 14:32:54 UTC 2005
Lovell Mcilwain wrote:
>
> Paul Howarth wrote:
>
>> Lovell Mcilwain wrote:
>>
>>>
>>> Paul Howarth wrote:
>>>
>>>> Lovell Mcilwain wrote:
>>>>
>>>>> Hello all,
>>>>>
>>>>> I just installed a logwatch on my machine and ran it for the first
>>>>> time just a few minutes ago. It showed me something very
>>>>> interesting and it was the only thing in the logwatch log. Just a
>>>>> bunch of the same entries. The IP address varied but most of them
>>>>> looked like invalid arguments except for about 3 of them that
>>>>> didn't. See below:
>>>>>
>>>>> --------------------- XNTPD Begin ------------------------
>>>>> **Unmatched Entries**
>>>>> .....
>>>>> sendto(80.190.233.67): Invalid argument
>>>>> synchronized to 80.190.233.67, stratum 2
>>>>> synchronized to 80.33.117.152, stratum 3
>>>>> sendto(80.190.233.67): Invalid argument
>>>>> .....
>>>>> ---------------------- XNTPD End -----------------------
>>>>>
>>>>> Does anyone know what this means or can this possibly mean that my
>>>>> system has been hacked?
>>>>
>>>> These entries mean that some of the ntp servers you're using
>>>> (probably results returned from lookups of pool.ntp.org) aren't
>>>> responding reliably. This is not unusual and may be a result of
>>>> issues with your own network link.
>>>>
>>>> Paul.
>>>>
>>> I did check my preferences for my time server and found that I didn't
>>> have a time server specified even though I had ntp enabled. I guess
>>> my other question is, if I don't manually specify one, does it choose
>>> from any of the other ones as a default? I noticed in my ntp.conf
>>> file there are a bunch of time servers listed. But does it restrict
>>> itself to the # --- OUR TIMESERVERS ----- section?
>>
>> What's the output of:
>> $ grep '^[^#]*server' /etc/ntp.conf
>>
>> Paul.
>>
> The command was not recognized.
> root at localhost etc]# $ grep '^[^#]*server' /etc/ntp.conf
> -bash: $: command not found
> [root at localhost etc]#
"$" was the prompt; "grep" was the command. You don't need to be root to
run this.
Paul.
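
Added example, not part of the original message and not code from ntpd or logwatch: a shell triage of the two things discussed above, the active server lines in ntp.conf and the per-peer count of sendto failures. The log lines are the ones quoted in the thread; the ntp.conf content, file layout and function names are constructed for illustration.

```shell
# Added example. Log lines reuse those quoted in the thread; the ntp.conf
# content below is constructed sample data.

# Names on active "server" lines (first word is exactly "server"). Stricter
# than grep '^[^#]*server', which also matches any uncommented line that
# merely contains the word, such as the logfile line in the sample.
active_servers() {
    awk '$1 == "server" { print $2 }' "$1"
}

# "count address" for every sendto(...) failure, one line per peer.
sendto_failures() {
    sed -n 's/.*sendto(\([0-9.]*\)): Invalid argument.*/\1/p' "$1" |
        sort | uniq -c | awk '{ print $1, $2 }'
}

# "address stratum" for each peer ntpd reported synchronizing to.
synced_peers() {
    sed -n 's/.*synchronized to \([0-9.]*\), stratum \([0-9]*\).*/\1 \2/p' "$1" |
        sort -u
}

# Failing addresses that ntpd never reported synchronizing to.
# Empty output means every failure was to one of its own time sources.
unexplained_failures() {
    synced_peers "$1" | awk '{ print $1 }' > "$1.synced"
    sendto_failures "$1" | awk '{ print $2 }' | grep -v -x -F -f "$1.synced" || true
    rm -f "$1.synced"
}

CONF=$(mktemp); LOG=$(mktemp)
trap 'rm -f "$CONF" "$LOG"' EXIT
cat > "$CONF" <<'EOF'
# --- OUR TIMESERVERS -----
# server 0.pool.ntp.org
server pool.ntp.org
server 127.127.1.0
logfile /var/log/ntpserver.log
EOF
cat > "$LOG" <<'EOF'
sendto(80.190.233.67): Invalid argument
synchronized to 80.190.233.67, stratum 2
synchronized to 80.33.117.152, stratum 3
sendto(80.190.233.67): Invalid argument
EOF
echo "active servers:";        active_servers "$CONF"
echo "sendto failures:";       sendto_failures "$LOG"
echo "failures to non-peers:"; unexplained_failures "$LOG"
```

On a real system, point the functions at /etc/ntp.conf and at a file holding the xntpd lines from the system log.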