[ntp:security] Host participating in NTP Pool project also a Tor relay/router node

Inman, Ryan ryan.inman at simplot.com
Thu Feb 26 15:28:30 UTC 2015


I'm seeing events on our network for a host that is resolving to the following pools for ntp.  What I'm also seeing is an occasional event related to traffic over port 123 to a known tor relay/router node that also appears to be participating in your ntp pool.  I figured I would point it out to you all to see if you can investigate further and whether this ip should be in the ntp pool.  The destination IP we're resolving that is matching this event is 192.69.94.57.  Below is also a link to a tor status page where this IP is listed.  We're configured to resolve to the following servers and it appears to be in 0.ubuntu.pool.ntp.org.  Please let me know if you need anything further.  Thanks for the help.

0.ubuntu.pool.ntp.org
1.ubuntu.pool.ntp.org
2.ubuntu.pool.ntp.org
3.ubuntu.pool.ntp.org
ntp.ubuntu.com

Supporting information where this ip is listed...
http://torstatus.blutmagie.de/

Thanks,
Ryan I

Ryan Inman
J. R. Simplot Company | Security Technology Analyst
1301 N Orchard St, Suite 200, Boise, ID 83706-2200
Tel. (208) 780-0685 | Cell. (208) 999-0342

 [https://brand.simplot.com/signatures/img/corp.png]



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntp.org/private/security/attachments/20150226/0bfa6789/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Picture (Device Independent Bitmap) 1.jpg
Type: image/jpeg
Size: 2707 bytes
Desc: Picture (Device Independent Bitmap) 1.jpg
URL: <http://lists.ntp.org/private/security/attachments/20150226/0bfa6789/attachment.jpg>


More information about the security mailing list