[ntp:questions] Re: recvfrom(0.0.0.0) fd=51: Connection refused

Luc Pardon xntp at skopos.be
Tue Sep 12 18:27:21 UTC 2006



Frank Kardel wrote:
> You are not NATting anything ? A broken NAT config/device could give this too if other systems from your network do queries that get mapped
> to your primary system - but that's just a guess. Just like forged send IP would be. Maybe you could double check at your outgoing link
> (inner and outer interface) for correlations like that.

    None of the internal systems should query outside servers. And even 
if they did, they should not have started doing that all of a sudden a 
week or so ago. Never say never, though, so I double-checked already, in 
various ways. I'm pretty sure it's not coming from behind my back.

    What I don't control is the ADSL router in front of me, though. If 
my friendly ISP decided last week that it would be nice to sync it to 
that belbone server, and if they forward the replies right through to 
the network behind, then that might be the cause.

    In fact, there is an indication that this might be what's going on. 
Here is a tcpdump of one such reply:

 > 19:59:19.083130 ntp1.belbone.be.ntp > adsl-gida.ntp:  v1 server strat 
2 poll 0 prec -20 (DF) [tos 0x10]

    Note that it says "v1"... That's not in reply to an (x)ntp request.

    If it is indeed the router, the master of time at belbone would see 
requests coming in from over here (this is why I double-checked they're 
not mine <g>). I haven't heard back from them, but then they said 
they're working on things. If they see queries, it'll be time to call my 
ISP.


>>     The strange packets are no longer coming in and in any case, I don't have the resources right now to hook up a Linux box with a more recent kernel to see what would happen.
>>
> Well, at least things did a bit improve, didn't they :-) ?
> 

     The glass is either half full or half empty. It's just that I like 
to get at the bottom of things, both problems and glasses. I hate 
problems that disappear unsolved, almost as much as I hate glasses that 
disappear unfinished <g>.

    But yes, we're making progress and that's a Good Thing indeed.

    Luc Pardon



More information about the questions mailing list