[ntp:questions] Reachable and rejected

Richard B. Gilbert rgilbert88 at comcast.net
Sat Sep 13 12:07:39 UTC 2008


David Woolley wrote:
> Richard B. Gilbert wrote:
> 
>> What, if anything, leads you to believe that "server1" or "server2" 
>> are actually running NTP, are connected to the network, etc, etc?
> 
> That they respond to NTP queries with well formed responses, even if the 
> response indicates the time is too unreliable to use and in other ways 
> looks like a failing SNTP implementation attempt, which is not directly 
> connected to a reference clock.
> 
> The lack of response here is consistent with something that is not the 
> reference implemenation of NTP, but could be the result of network and 
> server security policies.  To be honest, I would have been very 
> surprised if there had been a response, as the server is simply not 
> behaving in a way that is consistent with the reference implementation.
>>
>> What happens if you say:
>> ping serveri
>> ping server2
> 
> Total waste of time. We already know that something responds to those 
> addresses and a ping failure is very likely in the modern, paranoid, world.
> 
> Some basic SNMP queries are much more likely to be useful, as, if there 
> is a response, it will tell us what OS we are dealing with.  Although my 
> original thought was Windows, I think that would have produced a 
> precision of -6.  -7 suggests something with a 100Hz clock interrupt 
> rate, which is the typical Unix rate.
> 
> We could be dealing with a router, an appliance time server, or a weird 
> choice of NTP software on Unix.  Although I believe that NTP should 
> indicate an unsynchronised state if the incoming root dispersion goes 
> excessive, I have seen an example here that seemed to contradict this, 
> so it is even possible that the real culprit is the stratum one server. 
>  However, I think that the zero root delay is a strong clue that this is 
> an SNTP server operating outside the scope of SNTP, and possibly not 
> handling root dispersion validly.
>> ??
>>
>> Getting a response to ping will show that they are connected to the 
>> network, have network software installed, etc, etc.  If they respond 
>> to ping but not to nptq, that would suggest that ntpd is not running.
> 
> The respond to NTP client requests but not NTP management requests.  No 
> need for the pings.  Even the first word in the subject tells you that 
> they are responding to NTP!

I'm going to have my breakfast rather than look up the details but if 
they don't respond to NTP management requests (ntpq or ntpdc), it 
suggests that they have been configured not to!




More information about the questions mailing list