I have recently started with OPNsense and have limited outgoing traffic to the HTTP/S and SSH ports. When analyzing my blocked traffic I found sporadic outgoing NTP requests from my local Linux machine.

I am not very familiar with NTP.
I am now wondering a few things.

  1. The source port is always different. Is this normal behavior, or is it caused by the firewall block?

    192.168.1.101:52936
    192.168.1.101:54299
    192.168.1.101:45992
    ...
    
  2. I actually don't have NTP installed. So I don't quite understand why I even have NTP traffic?

Coalbl4ck
  • Yes, source port is a random high port, destination port is 123. Are you sure you don't have an NTP client? Most distros have one preinstalled... – Virsacer Mar 23 '22 at 16:08
  • Oh okay, good to know. I have checked for both the ntp and openntpd package (Arch). So unless it is some really strange NTP client that came as a dependency, I shouldn't really. – Coalbl4ck Mar 23 '22 at 16:47

1 Answer

Many Linux distros ship with an NTP client enabled by default. Check your system for chrony or systemd-timesyncd. The latter is the default on most systemd-enabled distributions.

Paul Gear
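One way to carry out the check suggested in the answer, as an added example that is not part of the original answer: it scans `/proc` for running time-sync daemons instead of looking at installed packages. The daemon list, the function name and the `proc_root` parameter are assumptions of this example.

```python
import os

# Process names to look for (assumed list): the two clients named in the
# answer, plus ntpd, the daemon name used by both the ntp and openntpd packages.
KNOWN_CLIENTS = ("systemd-timesyncd", "chronyd", "ntpd")

# The kernel truncates /proc/<pid>/comm to 15 characters, so
# systemd-timesyncd shows up there (and in `ps -e`) as "systemd-timesyn".
COMM_MAX = 15


def find_time_sync_processes(proc_root="/proc"):
    """Return a sorted list of (pid, daemon, argv0) for running time-sync daemons."""
    by_comm = {name[:COMM_MAX]: name for name in KNOWN_CLIENTS}
    found = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # not a process directory
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                # argv0 is informational only: some daemons rewrite their title
                argv0 = fh.read().split(b"\0", 1)[0].decode(errors="replace")
        except OSError:
            continue  # process exited meanwhile or is not readable
        if comm in by_comm:
            found.append((int(entry), by_comm[comm], argv0))
    return sorted(found)


if __name__ == "__main__":
    hits = find_time_sync_processes()
    for pid, daemon, argv0 in hits:
        print(f"pid {pid}: {daemon} ({argv0})")
    if not hits:
        print("no known time-sync daemon is running")
```

A hit for `systemd-timesyncd` on a machine without the ntp or openntpd packages is expected, because that client is part of systemd itself and has no package of its own.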