Yo Hal! On Thu, 21 Mar 2019 13:23:53 -0700 Hal Murray via devel <devel@ntpsec.org> wrote:
> >> No, it's the far end IP address and the local interface you use to
> >> get there.
> > Look again:
> > 2019-03-20T18:11:14 ntpd[3117]: NTSs: TCP accept-ed from
> > [2001:470:e815::%3= =3D 589492224]:50860
>
> > What IPv6 address do you think that is?
>
> Maybe it's truncated?
That would still be broken...
> I haven't figured out what's going on in this area. The IPv4 stuff
> looks reasonable. The printout is in libntp. I don't know how well
> tested that is. There may be a copy that isn't long enough for IPv6
> addresses. I'll go scan the NTS code.
Thanks. Funny what you find once you start looking...
> Beware, there are a lot of bad-guys out there poking around. You
> will get crap in your log files. Grep your log files for "failed".
> I haven't seen any IPv6 examples yet.
I run fail2ban, and a long blacklist on my gateway router.
Not seen any NTPD abuse yet. Several hits a second on ssh, pop, imap,
etc.
> If you want a sensible example to check, best to find the log entry
> from when one of your other systems connected.
Been there, done that, still confused.
> [=3D crap]
> > Ah, right. See attached.
>
> It was a big/long gpsd log file. Was there something in particular I
> was supposed to look for?
Yeah, the munged IPv6 logs that do not tell me the remote IPv6 address.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpNLIGxowz4r.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
