[ntp:questions] "ntpd sendto invalid argument" with weird IPs

Danny Mayer mayer at ntp.isc.org
Tue Nov 29 04:09:13 UTC 2005


fortepianissimo at gmail.com wrote:
> I've noticed this ntpd error messages in my log (Fedora Core 3):
> 
> Nov 17 01:28:14 hostname ntpd[3762]: sendto(213.84.172.33): Invalid
> argument
> 
>>From this post I learned the errors came from a limitation of the
> current implementation of ntpd:
> 
> http://groups.google.com/group/comp.protocols.time.ntp/browse_frm/thread/2f9e1f9195346fe9?page=end&q=ntpd+sendto+invalid&hl=en&
> 
> and indeed around Nov 17 that time I restarted my network interface
> (ppp0).
> 

Work is underway to fix this.

> 
> But my question is: in these error messages I always saw these 3 IPs
> being reported:
> 
> 61.206.115.3
> 213.84.172.33
> 213.238.47.29
> 
> and a lookup scared me:
> 
> 3.115.206.61.in-addr.arpa domain name pointer
> 61.206.115.3.user.ad.il24.net.
> 
> 33.172.84.213.in-addr.arpa domain name pointer vdben.xs4all.nl.
> 
> 29.47.238.213.in-addr.arpa is an alias for
> 29.tallence.47.238.213.in-addr.arpa.
> 29.tallence.47.238.213.in-addr.arpa domain name pointer
> lokschuppen.zs64.net.
> 
> None of these look like time servers, and some of them even host weird
> websites.
> 
> I looked at my /etc directory and couldn't find these IP mentioned
> anywhere.
> 
> 
> Am I hacked? And how is it related to ntpd?
> 
> Thanks a LOT in advance!
> 

There is no way to answer this without seeing the actual messages. What
is are these addresses related to? What version of ntpd are you running?

Danny



More information about the questions mailing list