Esx host not updating time ntp
Since that IP address does not belong to any VM and is actually assigned to VMware ESXi host itself, I started my investigation.As it turned out: By scanning internet address space, attackers gathered a list of NTP servers which allow querying their status.Each NTP server responds with a list of the last 600 clients which is significantly larger than original request (one 40-byte-long request generates 18252 bytes worth of response traffic).This leads to significant amount of UDP traffic which can be directed by attacker to any destination.We need to create a custom firewall extension to open that port. Basically you need to create a custom XML configuration file in the directory /etc/vmware/firewall, e.g.
I recommend to stop using ESXi altogether or disable the NTP service and accept the fact that the time will be inaccurate.To prevent this, specify a valid NTP source in the Virtual Appliance /appliance interface as well as ensuring that your ESXi host is using a valid NTP source.VMware also has an option to sync the guest OS time with the host ESXi server time.Recently my attention was caught by a question posted to the VMware Community forums that sounds odd at first sight: Is it possible to configure ESXi 5.0 to act as a NTP server? On the one hand it is not recommended to use ESXi for anything else than the task that it was designed for: being a hypervisor.On the other hand it is not recommended to run a VM as NTP server, because exact timekeeping can be quite a challenge in VMs as they do not own a real hardware clock timer. Small shops that have reached 100% virtualization run only ESXi on their remaining physical servers.