I have a GENERIC 4.1 box running ntpd as a server that is now part of au.pool.ntp.org and suddenly (once the world discovered it) the logs began to fill with entries like:

Oct 19 16:46:05 freya ntpd[12012]: malformed packet received from 121.216.235.111
Oct 19 16:46:19 freya ntpd[12012]: malformed packet received from 144.131.135.143
Oct 19 16:46:25 freya ntpd[12012]: malformed packet received from 58.173.48.94
Oct 19 16:46:46 freya ntpd[12012]: malformed packet received from 58.168.107.247
Oct 19 16:47:20 freya ntpd[12012]: malformed packet received from 144.131.135.143
Oct 19 16:48:21 freya ntpd[12012]: malformed packet received from 144.131.135.143
Oct 19 16:48:29 freya ntpd[12012]: malformed packet received from 58.168.107.247
Oct 19 16:49:22 freya ntpd[12012]: malformed packet received from 144.131.135.143

So I went running to Mrs Google and she didn't say much really but one entry showed that somebody found that one version of Debian could deal with an early OBSD ntpd but a later Deb could not. I followed up some cvs entries for "our" ntpd and I can see the message text there but nothing much to let me figure out if it can be mitigated in any way.

Ohh whoops! I just saw the tail -f daemon stop scrolling and it's now been silent for several minutes after nearly an hour where a bunch of Telstra (not my ISP) adsl customers repeatedly hammered the box.

Anyway can someone please give me a clue as to what the effect is at t'other end clients? If it starts again what is the best tcpdump recipe to capture data that smart people need? I did a

    tcpdump -X -s 1500 -nettti rl0 udp and dst 218.214.194.118

but the output did not mean much to me. Any other clues?

Thanx,
Rod/

From the land "down under": Australia.
Do we look <umop apisdn> from up over?
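
A triage aid for the log excerpt above, added here as an example and not part of the original post: it groups the "malformed packet" entries by source and measures the seconds between hits, which helps tell a client on a fixed polling timer from irregular traffic. The names summarize and looks_periodic and the 2-second tolerance are illustrative assumptions; the sample lines are copied from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the post above (syslog format, no year field).
SAMPLE_LOG = """\
Oct 19 16:46:05 freya ntpd[12012]: malformed packet received from 121.216.235.111
Oct 19 16:46:19 freya ntpd[12012]: malformed packet received from 144.131.135.143
Oct 19 16:46:25 freya ntpd[12012]: malformed packet received from 58.173.48.94
Oct 19 16:46:46 freya ntpd[12012]: malformed packet received from 58.168.107.247
Oct 19 16:47:20 freya ntpd[12012]: malformed packet received from 144.131.135.143
Oct 19 16:48:21 freya ntpd[12012]: malformed packet received from 144.131.135.143
Oct 19 16:48:29 freya ntpd[12012]: malformed packet received from 58.168.107.247
Oct 19 16:49:22 freya ntpd[12012]: malformed packet received from 144.131.135.143
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ntpd\[\d+\]: "
    r"malformed packet received from (\S+)$"
)

def summarize(log_text):
    """Map each source to its hit count, first/last time, and gaps in seconds."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a malformed-packet entry
        # syslog omits the year; strptime defaults to 1900, which is fine for
        # gaps inside one excerpt but wrong across a New Year boundary.
        seen[m.group(2)].append(datetime.strptime(m.group(1), "%b %d %H:%M:%S"))
    report = {}
    for src, stamps in seen.items():
        stamps.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        report[src] = {"count": len(stamps), "first": stamps[0],
                       "last": stamps[-1], "gaps": gaps}
    return report

def looks_periodic(gaps, tolerance=2):
    """True when at least two gaps exist and all agree within `tolerance` seconds."""
    return len(gaps) >= 2 and max(gaps) - min(gaps) <= tolerance

if __name__ == "__main__":
    rows = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"])
    for src, info in rows:
        tag = "periodic" if looks_periodic(info["gaps"]) else "irregular or too few"
        print(f"{src:16} hits={info['count']} gaps={info['gaps']} {tag}")
```

On this excerpt, 144.131.135.143 shows up every 61 seconds while the other sources appear once or twice, so a packet capture filtered to that one host is the obvious next thing to collect.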