Why are OPNsense NTP servers sending queries

Started by someone, October 06, 2024, 08:08:07 PM

I am getting sent multiple queries from OPNsense NTP servers, not NTP, any ideas what that's about?
Like 5 to 10 every few minutes.

What do you mean by "opnsense NTP servers" and which device is "I" in this context? Can you show the queries, e.g. from the firewall live log or a packet trace?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Doing more packet captures, I don't think they are OPNsense servers.
There is a DNS zone transfer going on.
Need to turn off NTP.

OK, I have managed to stop the NTP servers.
And it has ruled out anything to do with the OPNsense NTP servers.
It has to do with XID IPv6 solicits.
The unsolicited servers and later websites are coming after IPv6 XID solicits.
There is no response to them.
I will have to find a way to shut that down.
I know it's RFC, it's a known haven for hacking, not used, and everyone is wondering what it is still doing on the net.
Something upstream has been tampered with, find out when I stop XID.
How do they alter my DNS settings, within OPNsense, which then alters NTP servers?
I have gotten the DHCP handshake to look more normal, the DORA handshake, although it skips the offer packet
and the DHCP (correct one) server sends an ack.
Still more work to do.