[ntp:questions] Re: recvfrom(0.0.0.0) fd=51: Connection refused

Frank Kardel kardel at ntp.org
Tue Sep 12 18:55:29 UTC 2006


xntp at skopos.be (Luc Pardon) writes:

> Frank Kardel wrote:
>> You are not NATting anything ? A broken NAT config/device could give this too if other systems from your network do queries that get mapped
>> to your primary system - but that's just a guess. Just like forged send IP would be. Maybe you could double check at your outgoing link
>> (inner and outer interface) for correlations like that.
>
>     None of the internal systems should query outside servers. And even if they did, they should not have started doing that all of a sudden a week or so ago. Never say never, though, so I double-checked already, in various ways. I'm pretty sure it's not coming from behind my back.
ok.

>
>     What I don't control is the ADSL router in front of me, though. If my friendly ISP decided last week that it would be nice to sync it to that belbone server, and if they forward the replies right through to the network behind, then that might be the cause.
>
>     In fact, there is an indication that this might be what's going on. Here is a tcpdump of one such reply:
>
>  > 19:59:19.083130 ntp1.belbone.be.ntp > adsl-gida.ntp:  v1 server strat 2 poll 0 prec -20 (DF) [tos 0x10]
>
>     Note that it says "v1"... That's not in reply to an (x)ntp request.
very old version indeed (sntp?).

>
>     If it is indeed the router, the master of time at belbone would see requests coming in from over here (this is why I double-checked they're not mine <g>). I haven't heard back from them, but then they said they're working on things. If they see queries, it'll be time to call my ISP.
>
This is probably beyond the point where I can help.
 
>
>>>     The strange packets are no longer coming in and in any case, I don't have the resources right now to hook up a Linux box with a more recent kernel to see what would happen.
>>>
>> Well, at least things did a bit improve, didn't they :-) ?
>> 
>
>      The glass is either half full or half empty. It's just that I like to get at the bottom of things, both problems and glasses. I hate problems that disappear unsolved, almost as much as I hate glasses that disappear unfinished <g>.
>
>     But yes, we're making progress and that's a Good Thing indeed.

Well I hope you get to the bottom of the paket source and find full glasses :-)

>
>     Luc Pardon

Frank




More information about the questions mailing list