[pkg-ntp-maintainers] Bug#806862: Bug#806862: receive: Unexpected origin timestamp from 61.219.119.38
Kurt Roeckx
kurt at roeckx.be
Wed Dec 2 17:22:41 UTC 2015
On Wed, Dec 02, 2015 at 07:44:47PM +0800, ??? Dan Jacobson wrote:
> Package: ntp
> Version: 1:4.2.8p4+dfsg-3+b1
>
> I saw
>
> 12? 02 19:39:46 jidanni5 ntpd[2246]: Soliciting pool server 61.219.119.38
> 12? 02 19:39:47 jidanni5 ntpd[2246]: Soliciting pool server 61.219.119.41
> 12? 02 19:39:47 jidanni5 ntpd[2246]: Soliciting pool server 117.56.73.145
> 12? 02 19:39:48 jidanni5 ntpd[2246]: Soliciting pool server 123.204.45.116
> 12? 02 19:39:48 jidanni5 ntpd[2246]: Soliciting pool server 123.204.45.116
> 12? 02 19:39:48 jidanni5 systemd[905]: Time has been changed
> 12? 02 19:39:48 jidanni5 ntpd[2246]: receive: Unexpected origin timestamp from 61.219.119.38
>
> http://www.cs.bu.edu/~goldbe/NTPattack.html says
>
> Attack 1 and Attack 2 (Denial of Service). Upgrade to ntpd v4.2.8p4. To
> see what ntpd version you are running, log into to your NTP server and
> type ntpq and then rv. Also, monitor the system log for error messages
> of the form "receive: Unexpected origin timestamp from %s", which could
> indicate that you are subject to a priming-the-pump attack.
Those message start to show up with 4.2.8p4. A few people see
them. I've already reported this upstream. I wouldn't worry
about this if you only see this for 1 peer.
Kurt
More information about the pkg-ntp-maintainers
mailing list