[ntp:questions] Re: abuse or bug ?

David L. Mills mills at udel.edu
Thu Jan 27 13:57:13 UTC 2005


Henk,

No version of the xntpd/ntpd software that leaves here can do anything 
like you describe. It is not possible to configure a client to send 
packets faster than one packet in sixteen seconds and in the ordinary 
case a client sends no faster than one packe in 1,024 seconds. Be very 
convinced of this.

There are apparently other implementations of SNTP/NTP in circulation 
that behave as you describe. These have popped up at USNO, NIST and U 
Wisconsin time servers, as described at a recent PTTI conference (see 
www.eecis.udel.edu/~mills/papers.html). These have caused great harm and 
disruption of Government provided services. I emphasize strongly, these 
rascals do NOT represent the public NTP software distribution.

Dave

Henk P. Penning wrote:
> Hi,
> 
>   it has been noted that some clients poll time servers at
>   a rate of 1 packet per second, for an unlimited period.
> 
>   Is this a bug in the standard ntpd software or
>   abuse by bad software or badly configured clients ?
> 
>   The example below make me think it is a bug.
> 
>   client   : 129.105.100.183 (in cs.northwestern.edu)
>   hardware : Sun, SunBlade 150
>   operating system :
>     Linux gandalf 2.4.26-sparc-r2 #14 Wed Sep 22 15:27:12 CDT 2004 sparc64
>     sun4u TI UltraSparc IIe (Hummingbird) GNU/Linux
>   ntp      : ntp  4.2.0-r2
>   config :
>     server pool.ntp.org
>     driftfile       /var/lib/ntp/ntp.drift
>     restrict default notrust nomodify
>     restrict 127.0.0.1
> 
>   It has sent 438851 packets in the last 129.3 hours to 'ntp.cs.uu.nl'.
>   The client says the server is unreachable.
> 
>   There may well be a problem with the client's ntpd config
>   or the clients network setup ; the interesting thing is that
>   standard ntpd software with a 'normal config', running on
>   of-the-shelf hardware, can show the undesired behaviour.
> 
>   The contact for the client is Stefan Birrer (thanks for all
>   the info) [s-birrer (at) northwestern edu].
> 
>   Henk Penning
> 
> ----------------------------------------------------------------   _
> Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
> Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 \_/ \_/
> http://www.cs.uu.nl/staff/henkp.html          M penning at cs.uu.nl  \_/
> 



More information about the questions mailing list