[ntp:questions] "ntpd sendto invalid argument" with weird IPs

fortepianissimo at gmail.com fortepianissimo at gmail.com
Mon Nov 28 15:23:04 UTC 2005


I've noticed this ntpd error messages in my log (Fedora Core 3):

Nov 17 01:28:14 hostname ntpd[3762]: sendto(213.84.172.33): Invalid
argument

>From this post I learned the errors came from a limitation of the
current implementation of ntpd:

http://groups.google.com/group/comp.protocols.time.ntp/browse_frm/thread/2f9e1f9195346fe9?page=end&q=ntpd+sendto+invalid&hl=en&

and indeed around Nov 17 that time I restarted my network interface
(ppp0).


But my question is: in these error messages I always saw these 3 IPs
being reported:

61.206.115.3
213.84.172.33
213.238.47.29

and a lookup scared me:

3.115.206.61.in-addr.arpa domain name pointer
61.206.115.3.user.ad.il24.net.

33.172.84.213.in-addr.arpa domain name pointer vdben.xs4all.nl.

29.47.238.213.in-addr.arpa is an alias for
29.tallence.47.238.213.in-addr.arpa.
29.tallence.47.238.213.in-addr.arpa domain name pointer
lokschuppen.zs64.net.

None of these look like time servers, and some of them even host weird
websites.

I looked at my /etc directory and couldn't find these IP mentioned
anywhere.


Am I hacked? And how is it related to ntpd?

Thanks a LOT in advance!




More information about the questions mailing list