
#1 2011-11-28 22:24:23

train_wreck
Member
Registered: 2011-10-22
Posts: 97

Active connections on router box noticed after installing openntpd

Hey folks.

So I decided to try out using ntp on my Linux servers. I went with openntpd 'cause it appears to be simple enough of an implementation. I'm not running any sort of time server or anything, I'm just syncing all my systems on the network to '0.us.pool.ntp.org'.

I put openntpd on my gateway box. This is an ancient IBM desktop that I threw an extra NIC into and turned into a simple NAT box. Runs great, really sweet to have full iptables logs of all dropped packets coming from random places on the net. I've got openntpd running with the following config:

# $OpenBSD: ntpd.conf,v 1.7 2004/07/20 17:38:35 henning Exp $
# sample ntpd configuration file, see ntpd.conf(5)

# Addresses to listen on (ntpd does not listen by default)
#listen on 0.0.0.0
#listen on 127.0.0.1
#listen on ::1

# sync to a single server
#server ntp.example.org

# use a random selection of 8 public stratum 2 servers
# see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers
server 0.us.pool.ntp.org

It seems to do well, as I'm getting a bunch of "adjusting local clock" type of entries in /var/log/daemon.log.

However, I've noticed this with netstat -a:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 pLAN9-Gateway.pLAN9:ssh *:*                     LISTEN
tcp        0      0 pLAN9-Gateway.pLAN9:ssh pLAN9-Wil.pLAN9.s:56167 ESTABLISHED
udp        0      0 c-69-137-117-20.h:59605 utility-lax.rack911:ntp ESTABLISHED
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     SEQPACKET  LISTENING     5156     /run/udev/control
unix  7      [ ]         DGRAM                    6378     /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     6382     /run/syslog-ng.ctl
unix  2      [ ]         DGRAM                    7819
unix  3      [ ]         STREAM     CONNECTED     7793
unix  3      [ ]         STREAM     CONNECTED     7792
unix  2      [ ]         DGRAM                    7789
unix  2      [ ]         DGRAM                    6821
unix  3      [ ]         STREAM     CONNECTED     6812
unix  3      [ ]         STREAM     CONNECTED     6811
unix  2      [ ]         DGRAM                    6780
unix  2      [ ]         DGRAM                    6492
unix  3      [ ]         DGRAM                    5163
unix  3      [ ]         DGRAM                    5162

I've noticed consistent established connections to various sites (in this case "utility-lax.rack911") using UDP and classified as an ntp connection. Is this normal? Should I be worried about these constant connections? Do they represent any sort of hole or flaw with the security of my network?

Info would be much appreciated. Thanks.
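An added example, not part of the original post: a small check that reads an ntpd.conf and netstat inet lines like the ones above and separates sockets where the box is acting as an NTP client (remote port ntp) from sockets where it would be serving NTP (local port ntp). The function names are hypothetical, and the sample input is constructed from the post plus one made-up listener line for contrast.

```python
# Added example: audit NTP exposure from ntpd.conf and `netstat -a` inet lines.
# CONF and NETSTAT are constructed samples; the last NETSTAT line is made up
# to show what a listening NTP server socket would look like.
CONF = """\
#listen on 0.0.0.0
#listen on 127.0.0.1
server 0.us.pool.ntp.org
"""

NETSTAT = """\
tcp        0      0 pLAN9-Gateway.pLAN9:ssh *:*                     LISTEN
udp        0      0 c-69-137-117-20.h:59605 utility-lax.rack911:ntp ESTABLISHED
udp        0      0 *:ntp                   *:*
"""

NTP_PORTS = {"ntp", "123"}  # netstat prints the service name unless run with -n


def listen_directives(conf_text):
    """Return the active (uncommented) 'listen on' lines of an ntpd.conf."""
    active = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("listen on"):
            active.append(line)
    return active


def classify(line):
    """Classify one netstat inet line; return None if it is not NTP over UDP."""
    fields = line.split()
    if len(fields) < 5 or fields[0] not in ("udp", "udp6"):
        return None
    local, remote = fields[3], fields[4]
    local_port = local.rpartition(":")[2]
    remote_port = remote.rpartition(":")[2]
    if local_port in NTP_PORTS:
        return ("ntp-listener", local, remote)  # this host answers NTP queries
    if remote_port in NTP_PORTS:
        # Outbound query from an ephemeral port. ESTABLISHED on UDP only means
        # the daemon called connect() on the socket to fix the peer address.
        return ("ntp-client", local, remote)
    return None


def ntp_sockets(netstat_text):
    return [c for c in map(classify, netstat_text.splitlines()) if c]


if __name__ == "__main__":
    print("active listen directives:", listen_directives(CONF))
    for role, local, remote in ntp_sockets(NETSTAT):
        print(role, local, "->", remote)
```
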
