[ntp:questions] Very rapid polling

Richard B. Gilbert rgilbert88 at comcast.net
Wed Feb 11 04:16:28 UTC 2009


Unruh wrote:
> "Richard B. Gilbert" <rgilbert88 at comcast.net> writes:
> 
>> Unruh wrote:
>>> "Richard B. Gilbert" <rgilbert88 at comcast.net> writes:
>>>
>>>> jlevine wrote:
>>>>> In the last few days I have seen an increasing number of systems that
>>>>> are requesting the time in NTP format several times per second. This
>>>>> poll interval is far in excess of the usual best practices. Since
>>>>> there are a number of such systems, it is possible that this problem
>>>>> is a result of a new version of NTP that has just been released.
>>>>> Please let me know if you have any information about a new version of
>>>>> NTP that can do this or if any of you are seeing the same problem.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Judah Levine
>>>>> Time and Frequency Division
>>>>> NIST Boulder
>>>> Have you captured the IP addresses of the systems involved?  If so, have 
>>>> you identified the ISP responsible for those addresses?  Complained to 
>>>> the ISP?  Etc, etc?
>>>> The half witted will always be with us. . . .
>>> There is no way you can set up ntpd so that it will poll many times a
>>> second, unless there is a severe bug in ntp. He is asking if perhaps such a
>>> bug exists in the latest version of ntpd (since the latest version just
>>> came out a month ago, and latest devel version a week ago, this would be a
>>> sensible worry).
>>> Alternatively one of those modem manufacturers may have screwed up again,
>>> or some ntp-like program has come out that has such a default.
>>> I agree that asking the IP addressee what it is that they are running might
>>> work, but probably not.
>>>
> 
>> It may take a while to get results but if the only alternative is to do 
>> nothing and suffer. . . .  The ISPs have the power to cut these idiots 
>> off at the knees!  Whether they are willing to do so is something you 
>> have to ask them.  They also have the ability to reduce a network 
>> address to a street address.  Again, you have to ask.  If you ask on 
>> NIST letterhead, your chances of being taken seriously are much improved.
> 
> IF it is a bug in ntp, then the users are not idiots, unless using ntp
> makes you an idiot. If it is a bug in some other ntp software, then the
> users of that software are not idiots, unless use of that software per se
> makes you an idiot. If it is some modem manufacturer who has misapplied ntp
> on their modem/router, again the same applies. He is trying to find out if
> it is possible that such bugs exist, or that anyone else has seen them.
> 
> 
>> As I recall my contract with Comcast, they can simply cut me off in 
>> response to just about any sort of abuse.  If nobody complains, I can 
>> get away with practically anything!
> 
> 
> Is a bug in the software "abuse"?
> 

Yes!  It's customary to do some sort of minimal testing before 
distributing your software to the masses.

Given the past history, e.g. U-Wisconsin, Tardis, PHK vs. D-Link and a 
few other such incidents, I'd say it's mandatory to do some pre-release 
testing of hardware, firmware, and/or software.  I'd say that it's also 
mandatory to read, and comply with, the relevant RFCs.

I doubt very much that ntpd has such a bug/misfeature!  The authors are 
very much aware of the potential problems and have done an excellent job.

It seems clear that the internet community needs a methodology for 
coping with such incidents.  Each time, it seems that a posse comitatus 
must be formed, the miscreants tracked down, and asked to fix their 
hardware, firmware, or software.  Sometimes, as in the U-Wisconsin 
incident, it's not possible to track down all instances of the defective 
hardware/firmware/software.

With the ever increasing use of the internet, the problems are only 
going to get worse!




