[ntp:questions] Re: abuse or bug ?

[Henk Penning]

In <ctm4j3$r1u$1 at june.cs.uu.nl> henkp at cs.uu.nl (Henk Penning) writes:

>  For the record, I got into contact with Ames Research IT security.
>  They were very helpful (the 'abuse' stopped) but not at liberty
>  to tell me /anything/ about the machine or its software.

  This turned out to be a Gentoo box too ; no specifics given.

  Here is another example (again a gentoo box) ; it polled
  ntp.cs.uu.nl every 2 seconds, for the last 264.7 hours.

  ----------------------------------------------------------------
         site      count pack/min   last [hrs ago]  first [hrs ago]
lucca.capo.os3.nl 431799  27.1854              0.0            264.7
  ----------------------------------------------------------------

  Hardware:
    Sun Enterprise 450, 2 CPU's (Ultrasparc II) , 1 used

  Operating system:
    Gentoo 2004-3 Linux lucca 2.4.27-sparc #1
    Fri Oct 29 13:07:36 UTC 2004 sparc64 sun4u  
    TI UltraSparc II (BlackBird) GNU/Linux

  ntpd: 
    net-misc/ntp
    Latest version available: 4.2.0-r2
    Latest version installed: 4.2.0-r2
    Size of downloaded files: 2,480 kB
    Homepage:    http://www.ntp.org/
    Description: Network Time Protocol suite/programs
    License:     as-is

  ntp.conf:
    restrict default noquery notrust nomodify
    restrict 127.0.0.1
    restrict 145.92.24.0 mask 255.255.255.0
    fudge 127.127.1.0 stratum 3
    server 127.127.1.0
    driftfile /var/lib/ntp/ntp.drift
    logfile /var/log/ntp.log
    server ntp.phil.uu.nl
    server ntp.cs.uu.nl
    server chime2.surfnet.nl
    server rolex.ripe.net

ntpdc -c dm -c loo -c sysi -c syss
      remote           local      st poll reach  delay   offset    disp
=======================================================================
  chime2.surfnet. 145.92.25.10    16   64    0 0.00000  0.000000 0.00000
  goedel.admin.ph 145.92.25.10    16  128    0 0.00000  0.000000 0.00000
*2001:610:240:2: ::                1 1024  377 0.00337  0.000099 0.01480
  LOCAL(0)        127.0.0.1        5   64  377 0.00000  0.000000 0.00092
  doei.cs.uu.nl   145.92.25.10    16   64    0 0.00000  0.000000 0.00000
offset:               0.000099 s
frequency:            54.878 ppm
poll adjust:          30
watchdog timer:       1698 s
system peer:          2001:610:240:2:ffff::228
system peer mode:     client
leap indicator:       00
stratum:              2
precision:            -19
root distance:        0.00337 s
root dispersion:      0.04401 s
reference ID:         [254.141.161.178]
reference time:       c5bf494f.45223183  Thu, Feb 17 2005 17:48:15.270
system flags:         auth monitor ntp kernel stats
jitter:               0.000946 s
stability:            0.001 ppm
broadcastdelay:       0.003998 s
authdelay:            0.000000 s
time since restart:     2085163
time since reset:       2085163
packets received:       2804823
packets processed:      2222
current version:        2800025
previous version:       4786
bad version:            0
access denied:          2790089
bad length or format:   0
bad authentication:     0
rate exceeded:          0

ntpq -p [ reformatted output ]
remote      refid      st t when poll reach   delay   offset   jitter
=====================================================================
 LOCAL(0)        73.78.73.84
                        5 l   52   64  377    0.000    0.000    0.002
 goedel.admin.ph .RSTR.
                       16 u    -  128    0    0.000    0.000  4000.00
 doei.cs.uu.nl   .RSTR.
                       16 u    -   64    0    0.000    0.000  4000.00
 chime2.surfnet. .RSTR.
                       16 u    -   64    0    0.000    0.000  4000.00
*2001:610:240:2: .GPS.
                        1 u  675 1024  377    3.375    0.099    0.380

Henk Penning
--
----------------------------------------------------------------   _
Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 \_/ \_/