[ntp:questions] Re: abuse or bug ?

David L. Mills mills at udel.edu
Tue Feb 1 04:41:59 UTC 2005


Guys,

Yeah, the problem at the client was the "notrust" in the reslist. The 
access control module set the DONTTRUST bit and the protocol module set 
the RSTR string in the reference ID field and re-initialized the 
association. The initial delay for the first packet in 4.2.0 was one 
second. You can work out the rest. I verified this does happen in 4.2.0, 
but does not happen in the current develoment version.

It was rather curious that the client operator didn't realize something 
was wrong, espcially after some 25 days when not one packet got in the door.

The 4.2.0 randomized the initial poll interval at one secon when only 
one association was configured, in order to minimize the initial 
synchronizatino delay. The current development version initilizes at the 
minpoll interval, since the iburst keyword makes that unnecessary. It 
also does not re-initialize the association in case of trust violation, 
although it probably should set the refid to something revealing.

So, the answer is to make sure you always trust yourself. In any case, 
the safest thing is to upgrade to the new version. .

Dave

Ronan Flood wrote:
> henkp at cs.uu.nl (Henk Penning) wrote:
> 
> 
>>  Sorry to bother you some more; here is a 1 PPS client that
>>  responds to ping, ntpdc and ntpq:
>>
>>    83.140.64.206
>>
>>  2179540 packets in the last 613 hours.
>>
>>% ntpq 83.140.64.206
>>ntpq> pee
>>     remote           refid      st t when poll reach   delay   offset  jitter
>>==============================================================================
>> doei.cs.uu.nl   .RSTR.          16 u    -   64    0    0.000    0.000 4000.00
> 
> 
> Mmmhmm ...
> 
> % ntpdc -n 83.140.64.206
> ntpdc> reslist
>    address          mask            count        flags
> =====================================================================
> 0.0.0.0         0.0.0.0           2182891  notrust, nomodify  <************
> 83.140.64.206   255.255.255.255         0  ntpport, interface, ignore
> 83.140.80.1     255.255.255.255         0  ntpport, interface, ignore
> 127.0.0.1       255.255.255.255         0  none
> 127.0.0.1       255.255.255.255         0  ntpport, interface, ignore
> ::              ::                      0  none
> 
> ntpdc> monlist
> remote address          port local address      count m ver code avgint  lstint
> ===============================================================================
> 128.86.16.20           38981 83.140.64.206         12 7 2     84    207       0
> 131.211.80.155           123 83.140.64.206    2182845 4 4     84      1       0
> 131.211.80.9           51229 83.140.64.206         23 6 2     84     25    3228
> 209.237.227.194         3586 83.140.64.206         14 7 2     84      9    4222
> 83.83.6.100            35576 83.140.64.206          2 6 2     84      0  206366
> 
> ntpdc> sysstats
> time since restart:     2209024
> time since reset:       2209024
> packets received:       2182902
> packets processed:      0
> current version:        2182850
> previous version:       0
> bad version:            0
> access denied:          2182850  <****************
> bad length or format:   0
> bad authentication:     0
> rate exceeded:          0
> 
> ntpdc> iostats
> time since reset:     2209041
> receive buffers:      9
> free receive buffers: 9
> used receive buffers: 9
> low water refills:    0
> dropped packets:      0
> ignored packets:      0
> received packets:     2182920
> packets sent:         2183113
> packets not sent:     8
> interrupts handled:   2182918
> received by int:      2182920
> 
> 



More information about the questions mailing list