[ntp:questions] Re: Strange IP flags set in NTP conversation

David L. Mills mills at udel.edu
Wed Oct 15 00:22:31 UTC 2003


I wasn't aware the semantics of the TOS field had changed since I used
those bits on the original NSFnet backbone network as of 1988. The D bit
was set in NTP and TELNET packets and forced a route within the network
rather than a roundabout path via ARPAnet. In any case, tcpdump shows
Solaris sets the D bit in TCP packets now, presumably for the original



Michael Sierchio wrote:
> Intrusion detection is a marvelous thing -- you get to
> see not only the misbehavior of others' hosts, but also
> your own.  Anybody have a clue why ntp on FreeBSD (RELENG_4_8)
> is setting the differentiated services flag to 0x10 ?  Maybe
> this is based on the old TOS value of "low delay" ???  Kinda
> out of date, and generates "anomalous packet header" log
> entries, since this is an illegal combination of bits in the
> DS bits.

More information about the questions mailing list