[ntp:questions] Generating keys for ntpdc control

Per Hedeland per at hedeland.org
Sat Jul 5 12:11:53 UTC 2008


In article <ClBbk.17519$NQ5.5917 at bignews6.bellsouth.net> "Bob"
<bobsjunkmail at bellsouth.net> writes:
>
>"Per Hedeland" <per at hedeland.org> wrote in message 
>news:g4m5s6$312b$1 at hedeland.org...
>> In article <uCubk.27069$s77.14269 at bignews3.bellsouth.net> "Bob"
>> <bobsjunkmail at bellsouth.net> writes:
>>>
>>>"Steve Kostecke" <kostecke at ntp.org> wrote in message
>>>news:slrng6sdqh.lip.kostecke at stasis.kostecke.net...
>>>
>>>> None of the following is germane to your symmetric key issue, but ...
>>>>
>>>>> keys "C:\Program Files\NTP\etc\ntp.keys"
>>>>> enable auth
>>>>
>>>> Auth is enabled by default. It can be disabled on the command-line. The
>>>> worst that can happen is this line will generate an extra log entry.
>>>
>>>I disabled auth earlier this week, and promptly got attacked. I did an
>>>enable auth with the intention of reversing my disable auth.
>>
>> Unless someone has done something really bad to current versions of the
>> code, enable/disable auth has nothing to do with ntpdc control commands
>> - those *always* require authentication, and if you haven't configured a
>> key file, they just cannot be done. If (as you claimed earlier) your
>> config got changed by someone else, you have bigger problems to chase
>> (as in someone has broken into your system). I suspect that you were
>> just seeing a badly-behaved client trying to get time from your server,
>> though.

>There was no change to my config file.

No, there is no code in ntpd to write to the config file, but of course
changing the running config is serious enough.

> I noticed that I was frequently 
>polling a single server in addition to my normal list, which were being 
>polled at their normal rate.

How did you determine that you were "polling" that server, and not just
sending replies to requests?

> I looked at my server list, via ntpdc, and 
>there was about 15 entries for the same IP.

What exact ntpdc command did you use for this?

--Per Hedeland
per at hedeland.org




More information about the questions mailing list