LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   NTP compromise? (https://www.linuxquestions.org/questions/linux-security-4/ntp-compromise-685667/)

Quakeboy02 11-24-2008 12:18 AM
NTP compromise?
 
I've been having some odd problems lately that I thought were related to networking. Essentially my access to the internet was freezing from time to time. I finally noticed that it was more or less on the few minutes before and after the half hour and that got me to wondering about ntp. I opened up the gnome time applet and there were a lot more ntp servers checked than I ever remember setting. I've cleared out all but 3 and the thing seems to have settled back into some level of normalcy.

My system: Debian, quad core AMD, wireless with WPA-PSK encryption to AT&T's wireless router. This is lower-middle class suburbia and I know everyone that has a router up that I can see. No holes in the firewall that I know of. This is not a commercial site. Just my access point.

So, have I been compromised through NTP or is this just some sort of meltdown/ NTP-timewar that was closing up my network every half hour?

nigelc 11-24-2008 12:25 AM
This sounds interesting what were the names of the servers?:)

cheers

Quakeboy02 11-24-2008 12:28 AM
Quote:
Originally Posted by nigelc (Post 3352433)
This sounds interesting what were the names of the servers?:)

cheers
They're gone, but I would swear that some were Debian Timeservers, which seemed strange.


All times are GMT -5. The time now is 01:13 PM.