What is all this ntp traffic at startup? (Solved)

For discussions about security.
ccaaee
Posts: 48
Joined: Sat 27 Feb 2010, 17:10

#1 Post by ccaaee »

Hello

I'm running tcpdump on a separate server watching traffic on an installed-to-hd puppy (Precise Puppy version 5.6).
When this puppy starts up there is a flood of ntp requests to strange and dubious sounding sites.

Does anyone have any idea what is going on?

thanks
Last edited by ccaaee on Wed 02 Sep 2015, 17:26, edited 1 time in total.

Moose On The Loose
Posts: 965
Joined: Thu 24 Feb 2011, 14:54

Re: ntp at startup

#2 Post by Moose On The Loose »

ccaaee wrote:
Hello

I'm running tcpdump on a separate server watching traffic on an installed-to-hd puppy (Precise Puppy version 5.6).
When this puppy starts up there is a flood of ntp requests to strange and dubious sounding sites.

Does anyone have any idea what is going on?

thanks

Perhaps psync is messed up.
The version that came with 528 could be messed up by one of its configuration files being wrong. Try setting up psync again and see if it stops happening.

ccaaee
Posts: 48
Joined: Sat 27 Feb 2010, 17:10

#3 Post by ccaaee »

To make a long story short, psync ends up calling:
ntpdate europe.pool.ntp.org

Now, I don't know how europe.pool.ntp.org is controlled, but by running ntpdate europe.pool.ntp.org I see some of the funniest names (e.g. mafia.org). Is anyone aware of security risks associated with ntp?

Moose On The Loose
Posts: 965
Joined: Thu 24 Feb 2011, 14:54

#4 Post by Moose On The Loose »

ccaaee wrote:
To make a long story short, psync ends up calling:
ntpdate europe.pool.ntp.org

Now, I don't know how europe.pool.ntp.org is controlled, but by running ntpdate europe.pool.ntp.org I see some of the funniest names (e.g. mafia.org). Is anyone aware of security risks associated with ntp?

I have a vague memory of something in the past. It was more a matter of a denial of service attack than anything. There was a way to get NTP servers to send huge amounts of data to a victim.

ccaaee
Posts: 48
Joined: Sat 27 Feb 2010, 17:10

#5 Post by ccaaee »

thanks for this

I just replaced psync with a script running ntpdate to another ntp server here in Europe

C
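One way to check a capture like the one described in this thread, added here as an example and not code from any poster: tally the NTP exchanges per remote peer, so that ordinary ntpdate request/reply pairs with pool members can be told apart from replies the machine never asked for. The tcpdump text format, the host address and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the text format printed by `tcpdump -n udp port 123`
# (format assumed; addresses are documentation ranges, not real pool servers).
SAMPLE = """\
17:10:01.100000 IP 192.168.1.50.123 > 198.51.100.7.123: NTPv4, Client, length 48
17:10:01.131000 IP 198.51.100.7.123 > 192.168.1.50.123: NTPv4, Server, length 48
17:10:01.140000 IP 192.168.1.50.123 > 203.0.113.20.123: NTPv4, Client, length 48
17:10:01.205000 IP 203.0.113.20.123 > 192.168.1.50.123: NTPv4, Server, length 48
17:10:03.100000 IP 192.168.1.50.123 > 198.51.100.7.123: NTPv4, Client, length 48
17:10:03.129000 IP 198.51.100.7.123 > 192.168.1.50.123: NTPv4, Server, length 48
17:10:03.140000 IP 192.168.1.50.123 > 203.0.113.20.123: NTPv4, Client, length 48
17:10:09.000000 IP 192.0.2.99.123 > 192.168.1.50.123: NTPv4, Server, length 440
"""

# src/dst are IPv4 addresses; the trailing ".<port>" is matched but not kept.
LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.\d+ > (?P<dst>[\d.]+)\.\d+: "
    r"NTPv\d, (?P<mode>[^,]+), length (?P<len>\d+)")

def summarize(capture, host):
    """Tally NTP exchanges between `host` and each remote peer, with anomaly flags."""
    peers = defaultdict(lambda: {"requests": 0, "replies": 0, "flags": []})
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an NTP line in the assumed format
        if m["src"] == host and m["mode"] == "Client":
            peers[m["dst"]]["requests"] += 1
        elif m["dst"] == host:
            peer = peers[m["src"]]
            if m["mode"] != "Server" or peer["replies"] >= peer["requests"]:
                # No request outstanding to this peer: not an answer to ntpdate.
                peer["flags"].append("unsolicited")
            else:
                peer["replies"] += 1
            if int(m["len"]) != 48:
                # A plain NTP packet without extensions or MAC is 48 bytes.
                peer["flags"].append("length %s" % m["len"])
    return dict(peers)

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE, "192.168.1.50").items()):
        print(ip, s["requests"], "req", s["replies"], "rep",
              ", ".join(s["flags"]) or "ok")
```

Peers with matching request and reply counts and no flags are what a single ntpdate run against a pool name is expected to produce; a peer with zero requests is the one worth looking at.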
