[ntp:questions] Unauthorized remote server configuration
David Woolley
david at ex.djwhome.demon.co.uk.invalid
Sat Jul 5 15:21:14 UTC 2008
Bob wrote:
>
> It's happened again. I disabled auth last night after my previous post, and
> let it run overnight with Wireshark capturing. I've now got two IP addresses
> listed as peers that I did not add. They are listed as "sym_passive". I see

Seems more likely that you've just got W32Time clients. Using peer mode
by default is one of the known misfeatures. Of course, disabling
authentication may defeat the normal countermeasures for such clients
(treating them as though they had you configured as a server, rather
than peer).

The associations don't represent configuration in the normal sense; they
are not the result of management actions, but simply the result of using
peer type time exchanges; even then, they do represent a risk to the
time integrity.

Incidentally, you appear to have a local clock configured at an
inappropriate stratum. The only time it is appropriate to configure it
at 5 is when your clock is being disciplined, but not by NTP (it's never
appropriate to configure one for a pure client). The fact that you have
other servers configured is a contraindication for the presumption that
you are being disciplined by non-NTP means.
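
An added example, not part of the original post: a way to check a capture like the one mentioned above for sources sending symmetric active (mode 1) NTP packets, the peer-mode exchange that produces a "sym_passive" association on the receiving side. The function names, the sample addresses (documentation ranges) and the packets are constructed for illustration; extracting (source IP, UDP payload) pairs for port 123 from the capture is assumed to be done separately.

```python
import struct

def ntp_header(payload: bytes):
    """Return (version, mode, stratum) from an NTP UDP payload."""
    if len(payload) < 48:            # a basic NTP header is 48 bytes
        raise ValueError("short NTP packet")
    flags, stratum = struct.unpack("!BB", payload[:2])
    # First byte: LI (2 bits) | version (3 bits) | mode (3 bits)
    return (flags >> 3) & 0x7, flags & 0x7, stratum

def unexpected_peers(packets, configured_peers):
    """Sources that sent mode 1 (symmetric active) without being configured as peers.

    packets: iterable of (src_ip, udp_payload) for traffic sent to port 123.
    configured_peers: set of addresses the local ntp.conf lists as peers.
    """
    flagged = {}
    for src, payload in packets:
        try:
            version, mode, _ = ntp_header(payload)
        except ValueError:
            continue                 # ignore truncated or non-NTP payloads
        if mode == 1 and src not in configured_peers:
            entry = flagged.setdefault(src, {"version": version, "count": 0})
            entry["count"] += 1
    return flagged

def make_packet(version, mode, stratum=0):
    """Constructed 48-byte NTP header: LI=0, all other fields zeroed."""
    return bytes([(version << 3) | mode, stratum]) + bytes(46)

# Constructed sample capture, not data from the thread.
SAMPLE = [
    ("192.0.2.10", make_packet(3, 1)),      # unconfigured host in peer mode
    ("192.0.2.10", make_packet(3, 1)),
    ("198.51.100.7", make_packet(4, 3)),    # ordinary client request (mode 3)
    ("203.0.113.5", make_packet(4, 1, 2)),  # peer mode, but configured locally
    ("192.0.2.99", b"\x1b"),                # truncated payload, skipped
]

if __name__ == "__main__":
    for ip, info in unexpected_peers(SAMPLE, {"203.0.113.5"}).items():
        print(f"{ip}: {info['count']} symmetric active packets (NTPv{info['version']})")
```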