Hi mate, Have a look here. Maybe you can find something interesting. Not sure if is your case
https://www.us-cert.gov/ncas/current-activity/2015/10/21/Vulnerabilities-Identified-Network-Time-Protocol-Daemon-ntpd Federici On 24 Oct 2015 07:43, <[email protected]> wrote: > Hi all, > > My understanding of kernel timekeeping is next to nothing, but something > very strange happened yesterday that looked like it might be an attack and > I'm wondering if it's happened to anyone else. > > The first symptom was that ntpd lost synchronisation. At this point I > didn't know why so I did things at random; consequently I don't know what > state the kernel time variables were in. > > One of the things I did was restart ntpd (a few times) and it had no > trouble contacting servers but refused to synchronise. Eventually I figured > out that my computer's clock was running too fast; gaining about 300 > milliseconds every minute. If I understand things correctly this is well > in excess of what can be adjusted with ntptime, although I did try. > > Eventually I crossed my fingers and rebooted the machine, hoping that > the kernel was just in a strange state that I was too ignorant to find. > > This worked. > > Now that it was fixed I went over the events and found (on the pool's > monitoring) that my computer started racing ahead at a very specific > moment, > and there was something in the logs at that moment: > > Oct 23 19:06:01 atlas inetd[163]: accept (for time): Software caused > connection abort > > Until this happened I had allowed TCP and UDP connections to inetd's > internal > daytime and time services. I didn't think there would be a problem with > this, but I've now blocked it. > > Has anyone seen anything like this before? Could it have been an attack? > > Thanks and regards, > > - Joel > _______________________________________________ > pool mailing list > [email protected] > http://lists.ntp.org/listinfo/pool > _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
