[ntp:questions] Unauthorized remote server configuration

Per Hedeland per at hedeland.org
Sat Jul 5 18:59:41 UTC 2008

In article <QXLbk.17733$LL4.13322 at bignews7.bellsouth.net> "Bob"
<bobsjunkmail at bellsouth.net> writes:
>It's happened again. I disabled auth last night after my previous post, and 
>let it run overnight with Wireshark capturing I've now got two IP addresses 
>listed as peers that I did not add. They are listed as "sym_passive". I see 
>requests from these sites listed as "mode 1" in monlist. Looking at the 
>Wireshark packet captures, the packet from the remote that seems to make me 
>start polling the remote contains a flag of  "Symmetric Mode Active". I got 
>a number of packets from this same remote that I began polling, that when 
>looked at with Wireshark, did things like changing polling frequency. All 
>had "Symmetric Mode Active" set. My polls all have "Symmetric Mode Passive" 

OK - I'll defer to others about whether 'disable auth' is supposed to
have this effect or it's a bug, but I think it's clear that they aren't
actually changing your config as ntpdc commands may do (they are mode 7
IIRC). I believe that what you see is the equivalent of other systems
having you configured as "peer" rather than "server".

--Per Hedeland
per at hedeland.org

More information about the questions mailing list