Hey folks.
So I decided to try out using ntp on my Linux servers. I went with openntpd 'cause it appears to be simple enough of an implementation. I'm not running any sort of time server or anything, I'm just syncing all my systems on the network to '0.us.pool.ntp.org'.
I put openntpd on my gateway box. This is an ancient IBM desktop that I threw an extra NIC into and turned into a simple NAT box. Runs great, really sweet to have full iptables logs of all dropped packets coming from random places on the net. I've got openntpd running with the following config:
# $OpenBSD: ntpd.conf,v 1.7 2004/07/20 17:38:35 henning Exp $
# sample ntpd configuration file, see ntpd.conf(5)
# Addresses to listen on (ntpd does not listen by default)
#listen on 0.0.0.0
#listen on 127.0.0.1
#listen on ::1
# sync to a single server
#server ntp.example.org
# use a random selection of 8 public stratum 2 servers
# see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers
server 0.us.pool.ntp.org
It seems to do well, as I'm getting a bunch of "adjusting local clock" type of entries in /var/log/daemon.log.
However, I've noticed this with netstat -a:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 pLAN9-Gateway.pLAN9:ssh *:* LISTEN
tcp 0 0 pLAN9-Gateway.pLAN9:ssh pLAN9-Wil.pLAN9.s:56167 ESTABLISHED
udp 0 0 c-69-137-117-20.h:59605 utility-lax.rack911:ntp ESTABLISHED
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] SEQPACKET LISTENING 5156 /run/udev/control
unix 7 [ ] DGRAM 6378 /dev/log
unix 2 [ ACC ] STREAM LISTENING 6382 /run/syslog-ng.ctl
unix 2 [ ] DGRAM 7819
unix 3 [ ] STREAM CONNECTED 7793
unix 3 [ ] STREAM CONNECTED 7792
unix 2 [ ] DGRAM 7789
unix 2 [ ] DGRAM 6821
unix 3 [ ] STREAM CONNECTED 6812
unix 3 [ ] STREAM CONNECTED 6811
unix 2 [ ] DGRAM 6780
unix 2 [ ] DGRAM 6492
unix 3 [ ] DGRAM 5163
unix 3 [ ] DGRAM 5162
I've noticed consistent established connections to various sites (in this case "utility-lax.rack911") using UDP and classified as an ntp connection. Is this normal? Should I be worried about these constant connections? Do they represent any sort of hole or flaw with the security of my network?
Info would be much appreciated. Thanks.
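A check on the netstat output above, added here as an example and not part of the original post: it separates UDP sockets bound to the NTP port (the box is serving time) from sockets with an ephemeral local port talking to a remote NTP port (the box is only a client). For UDP, netstat prints ESTABLISHED when the program has called connect() on the socket to fix the peer address; there is no handshake or session behind it. The three inet lines are taken from the post, the listener line is constructed for contrast, and the function names are this example's own.

```python
"""Classify NTP-related sockets in the inet part of `netstat -a` output."""

NTP_PORTS = {"ntp", "123"}  # service name, or the number when run with -n

# The three inet lines from the post.
SAMPLE = """\
tcp 0 0 pLAN9-Gateway.pLAN9:ssh *:* LISTEN
tcp 0 0 pLAN9-Gateway.pLAN9:ssh pLAN9-Wil.pLAN9.s:56167 ESTABLISHED
udp 0 0 c-69-137-117-20.h:59605 utility-lax.rack911:ntp ESTABLISHED
"""
# Constructed line (not from the post): what an ntpd with "listen on" enabled
# would add. Unconnected UDP sockets have an empty State column.
CONSTRUCTED_LISTENER = "udp 0 0 *:ntp *:*\n"


def parse(text):
    """Yield (proto, local_port, remote_port, state) for tcp/udp lines only."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # headers, unix-domain sockets, blank lines
        local_port = fields[3].rsplit(":", 1)[-1]
        remote_port = fields[4].rsplit(":", 1)[-1]
        state = fields[5] if len(fields) > 5 else ""
        yield fields[0], local_port, remote_port, state


def ntp_roles(text):
    """Count NTP sockets by role: 'server' is bound to the NTP port and open
    to any peer; 'client' is an outbound socket to a remote NTP port."""
    roles = {"client": 0, "server": 0}
    for proto, local_port, remote_port, _state in parse(text):
        if not proto.startswith("udp"):
            continue
        if local_port in NTP_PORTS and remote_port == "*":
            roles["server"] += 1
        elif remote_port in NTP_PORTS:
            roles["client"] += 1
    return roles


if __name__ == "__main__":
    print("post output:     ", ntp_roles(SAMPLE))
    print("with a listener: ", ntp_roles(SAMPLE + CONSTRUCTED_LISTENER))
```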