[ntp:questions] Unauthorized remote server configuration

David Woolley david at ex.djwhome.demon.co.uk.invalid
Sat Jul 5 15:21:14 UTC 2008

Bob wrote:

> It's happened again. I disabled auth last night after my previous post, and 
> let it run overnight with Wireshark capturing I've now got two IP addresses 
> listed as peers that I did not add. They are listed as "sym_passive". I see 

Seems more likely that you've just got W32Time clients.  Using peer mode 
by default is one of the known misfeatures.  Of course, disabling 
authentication may defeat the normal countermeasures for such clients 
(treating them as though they had you configured as a server, rather 
than peer).

The associations don't represent configuration in the normal sense; they 
are not the result of management actions, but simply the result of using 
peer type time exchanges; even then, they do represent a risk to the 
time integrity.

Incidentally, you appear to have a local clock configured at an 
inappropriate stratum.  The only time it is appropriate to configure it 
at 5 is when your clock is being disciplined, but not by NTP (it's never 
appropriate to configure one for a pure client).  The fact that you have 
other servers configured is a contraindication for the presumption that 
you are being disciplined by non-NTP means.

More information about the questions mailing list