[ntp:questions] "Trapping" in ntpd

Rob pse at nospam.com
Thu Oct 4 14:39:04 UTC 2007


Steve wrote:

>Why don't you test it?

Well, I did.  And got some strange results.

First of all, if you specify notrap on your restrict line(s), you don't
stop all traps. You will get at least one trap message stating that auth
has failed.

e.g.

robs-computer:~ rob$ perl /Users/rob/Desktop/ntptrap 
Thu Oct  4  9:03:46 2007 Listening at address 0.0.0.0 port 50095
Thu Oct  4  9:03:57 2007                    localhost: err_auth_fail: 

Not a big deal, but since it does respond with a message, there may be
security implications (e.g. DoS attacks).

If you specify noquery on your restrict line(s), you do stop all traps and
queries.  You don't get any responses.

e.g.

robs-computer:~ rob$ perl /Users/rob/Desktop/ntptrap 
Thu Oct  4  9:06:08 2007 Listening at address 0.0.0.0 port 50194 

I also don't seem to get the same output that you posted earlier.
With no restrictions specified (i.e. allowing traps, queries etc.), I get the
following output after restarting ntpd and running ntptrap immediately
after:

robs-computer:~ rob$ perl /Users/rob/Desktop/ntptrap
Thu Oct  4  9:48:16 2007 Listening at address 0.0.0.0 port 51182
 more
 more

Thu Oct  4  9:49:29 2007                                localhost trap#1    peer 33453 [127.127.1.0]                                 [127.127.1.0] event_reach 
 more
 more

Thu Oct  4  9:49:29 2007                                localhost trap#2    peer 33452 [192.168.1.26]                               [192.168.1.26] event_reach 
 more

Thu Oct  4  9:49:35 2007                                localhost trap#3      SYSTEM   event_sync/strat_chg stratum=16 refid=STEP peer=33452
 more

Thu Oct  4  9:49:35 2007                                localhost trap#4      SYSTEM   event_sync_chg stratum=3 refid=192.168.1.26leap_none sync_udp/time 
 more

Thu Oct  4  9:49:35 2007                                localhost trap#5      SYSTEM   event_sync/strat_chg stratum=3 refid=192.168.1.26 peer=33452

Hmm.  You will notice that the output on my terminal states "more".  I
suspected you must use the -l option in ntptrap to get ntptrap to write
this output to a file.  I tried to do that but was not able to.

Maybe this is a bug in the ntptrap perl script.

e.g.  

robs-computer:~ rob$ perl /Users/rob/Desktop/ntptrap -l ntptrap.txt 
Cannot open "/dev/null ntptrap.txt": Permission denied

I tried specifying even a full path for the text file.  It made no
difference.  I still get an error.

There also appears to be another bug in ntptrap.  You can't specify an ntpd
server.  It always defaults to the localhost ntpd server.

e.g. When I run ntptrap on a computer located at 192.126.1.27

robs-computer:~ rob$ perl /Users/rob/Desktop/ntptrap 192.168.1.26
Thu Oct  4  8:28:32 2007 Listening at address 0.0.0.0 port 49325

Hmm.. It always listens on 0.0.0.0.  It will not listen for my other ntpd
server located at 192.126.1.26..

The -p PORT option doesn't seem to do anything either.

If I am doing something wrong please let me know.

In summary, the noquery restriction also blocks traps.  There is no need
to add notrap to restrict lines where noquery is specified.

The notrap restriction does appear to stop all traps (except one -- the
"err_auth_fail:" trap message).

And it looks like there are bugs in the ntptrap perl script.  One cannot
specify a log file.  Even worse, one cannot even specify a host.

Rob
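
The restrict behaviour reported in this message, turned into a small ntp.conf audit. This is an added example, not part of the original post or of the ntp distribution; the sample configuration is constructed, the verdict names are made up for illustration, and treating "ignore" as silent comes from ntpd's access-control options rather than from the tests above.

```python
# Added example: classify ntp.conf "restrict" lines by how ntpd answers
# mode 6 queries and trap requests, following the observations in the post.

SAMPLE_CONF = """\
# constructed sample ntp.conf (not from the original post)
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 10.0.0.0 mask 255.0.0.0 ignore
server 192.168.1.26
"""

def parse_restrict(line):
    """Return (address, flags) for a restrict line, or None for other lines."""
    tokens = line.split("#", 1)[0].split()
    if not tokens or tokens[0] != "restrict":
        return None
    tokens = [t for t in tokens[1:] if t not in ("-4", "-6")]
    if not tokens:
        return None
    address, rest = tokens[0], tokens[1:]
    if len(rest) >= 2 and rest[0] == "mask":
        address, rest = f"{address}/{rest[1]}", rest[2:]
    return address, set(rest)

def classify(flags):
    """Verdict names are hypothetical labels used only in this example."""
    if "ignore" in flags or "noquery" in flags:
        return "silent"      # no query or trap responses at all
    if "notrap" in flags:
        return "responds"    # traps refused, but err_auth_fail still comes back
    return "open"            # queries and traps both served

def audit(conf_text):
    """Return [(address, verdict)] for every restrict line, in file order."""
    results = []
    for line in conf_text.splitlines():
        parsed = parse_restrict(line)
        if parsed:
            results.append((parsed[0], classify(parsed[1])))
    return results

if __name__ == "__main__":
    for address, verdict in audit(SAMPLE_CONF):
        print(f"{address:30} {verdict}")
```

Lines reported as "responds" or "open" are the ones where a remote host can still get a reply out of ntpd; adding noquery moves them to "silent".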



