[ntp:questions] Strange IP flags set in NTP conversation

Michael Sierchio kudzu at tenebras.com
Tue Oct 14 16:29:56 UTC 2003


Intrusion detection is a marvelous thing -- you get to
see not only the misbehavior of others' hosts, but also
your own.  Anybody have a clue why ntp on FreeBSD (RELENG_4_8)
is setting the differentiated services flag to 0x10 ?  Maybe
this is based on the old TOS value of "low delay" ???  Kinda
out of date, and generates "anomalous packet header" log
entries, since this is an illegal combination of bits in the
DS bits.




More information about the questions mailing list