Author Topic: Why are opnsense NTP servers sending queries (Read 320 times)

someone · « **on:** October 06, 2024, 08:08:07 pm »

I am getting sent multiple queries from opnsense NTP servers, not NTP, any ideas what thats about?
Like 5 to 10 every few minutes

Patrick M. Hausen · « **Reply #1 on:** October 06, 2024, 08:10:12 pm »

What do you mean by "opnsense NTP servers" and which device is "I" in this context? Can you show the queries, e.g. from the firewall live log or a packet trace?

someone · « **Reply #2 on:** October 08, 2024, 05:55:49 am »

Doing more packet captures I dont think they are opnsense servers
There is a dns zone transfer going on
Need to turn off ntp

someone · « **Reply #3 on:** October 09, 2024, 03:36:28 am »

ok I have managed to stop the NTP servers
And it has ruled out anything to do with the opnsense NTP servers
It has to do with XID IPv6 solicits
The unsolicited servers and later websites are coming after IPv6 XID solicits
There is no response to them
I will have to find a way to shut that down
I know its RFC, its a known haven for hacking, not used, and everyone is wondering what it is still doing on the net
Something upstream has been tampered with, find out when I stop XID
How do they alter my DNS settings, within opnsense, which then alters NTP servers
I have gotten DHCP handshake to look more normal, the DORA handshake although it skips the offer packet
and the DHCP(correct one) server sends an ack
still more work to do

Author Topic: Why are opnsense NTP servers sending queries (Read 320 times)

someone

Why are opnsense NTP servers sending queries

Patrick M. Hausen

Re: Why are opnsense NTP servers sending queries

someone

Re: Why are opnsense NTP servers sending queries

someone

Re: Why are opnsense NTP servers sending queries