# Unexpected origin timestamp?

## dasPaul

I have ntpd which starts with boot.

Someone trying to attack my ntpd service?

 *Quote:*   

> ntpd[2860]: Listen normally on 2 eth0 XXX.XXX.XXX.XXX:XXX
> 
> ntpd[2860]: receive: Unexpected origin timestamp 0xda6bee98.a20892fe from 85.XX.XX.XX xmt 0xda6bee98.431ca7d6

 

Should I worry? ntpd -v Ver. 4.2.8p6

----------

## khayyam

 *dasPaul wrote:*   

> Should I worry? ntpd -v Ver. 4.2.8p6

 

dasPaul ... no, it seems to be a "priming-the-pump attack" and should be fixed in ntpd > v4.2.8p4 (see link).

best ... khay

----------

## Syl20

Do you need to make ntpd listen on internet ? If not, you should set

```
interface ignore wildcard

interface listen <the needed NICs only>
```

in ntp.conf, and/or use some "restrict" rules.

You can (should ?) add a sufficiently restricting firewall to avoid unexpected connections too.

----------

