Obi110 Hacked? Attempting to Send NTP Packets to Ukraine

[Busthead]

Why is my Obi110 attempting to send NTP packets to Ukraine?

Date Time   Country blocked    UDP         
192.168.0.202:55573   → 91.236.251.5:123
     
https://www.obitalk.com/forum/index.php?topic=8984.0

indicates that the latest firmware version is 2877. My device appears to be running 2886:

SoftwareVersion   1.3.0 (Build: 2886)

Interestingly, I still have the 2886 firmware file:

> certutil -hashfile OBi110-1-3-0-2886.fw SHA256
SHA256 hash of file OBi110-1-3-0-2886.fw:
7d 59 fa 2d 71 8f 14 c7 86 bd 87 7b 1e 1e af 23 30 77 f0 07 0d cb 7c a8 67 bc f9 08 5c 54 56 bd

Any ideas?

[drgeoff]

1.  The OBI110 has a user-configurable field to set the address of the NTP server.  The default is pool.ntp.org.  Is yours still set to that?  If yes or if set to some other legitimate NTP server URL then look to your DNS server (which is not part of the OBi110) to see why it might be returning the 91.236.251.5 dotted quad.

2.  The latest firmware for OBi100 and OBi110 is 2886.

[Lavarock7]

The country code for the Ukraine is similar for the US (UA vrs US) although I don't see where it would be obvious to set it based upon country code.

Also, Ukraine is close to United States in the drop down of countries.

The country code ofr UA is 804 and US is 840 (very similar).

Could this be a fat finger choice in some manual setting for time zone or NTP server choice or with automatic setup via ISP?

[SteveInWA]

Change the NTP server to:  us.pool.ntp.org

This screenshot is from a OBi 202, but there's a similar setting in the 110.