Pool.ntp.org traffic redirected to Tor Exit Node

Hello,

The following IP address (37.228.129.2) is sometime returned while sending a DNS query for the following subdomains :

0.amazon.pool.ntp.org
0.ubuntu.pool.ntp.org
0.pool.ntp.org
pool.ntp.org
2.ubuntu.pool.ntp.org

3.debian.pool.ntp.org

This is still applicable today.

That IP address appears to be a Tor Exit Node since 14 days

Additionnaly, the IP does not seems to respond to ntp requests (ntpq -crv timed out).

Could you verify if this entry is obsolete ?

Regards,

Hi RemiP and welcome!

It does respond from here at the moment. The mode 6 control command you issued (rv, or readvar) is not supposed to work for safety reasons.

Here’s the monitoring page:

https://www.ntppool.org/scores/37.228.129.2

2 Likes

Thanks for the quick reply.
Correct, it is restricted for mode 6, otherwise it is responding.
Is it a violation of your use policy to share a NTP service on the same host than a Tor exit node ?

I don’t think it is, but I am not an admin, so not 100% sure.

It has lead to some complaints and some discussion on this forum in the past though.