[ntp:questions] Very rapid polling

Unruh unruh-spam at physics.ubc.ca
Wed Feb 11 23:52:17 UTC 2009


"Richard B. Gilbert" <rgilbert88 at comcast.net> writes:

>Unruh wrote:
>> "Richard B. Gilbert" <rgilbert88 at comcast.net> writes:
>> 
>>> Unruh wrote:
>>>> "Richard B. Gilbert" <rgilbert88 at comcast.net> writes:
>>>>
>>>>> jlevine wrote:
>>>>>> In the last few days I have seen an increasing number of systems that
>>>>>> are requesting the time in NTP format several times per second. This
>>>>>> poll interval is far in excess of the usual best practices. Since
>>>>>> there are a number of such systems, it is possible that this problem
>>>>>> is a result of a new version of NTP that has just been released.
>>>>>> Please let me know if you have any information about a new version of
>>>>>> NTP that can do this or if any of you are seeing the same problem.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> Judah Levine
>>>>>> Time and Frequency Division
>>>>>> NIST Boulder
>>>>> Have you captured the IP addresses of the systems involved?  If so, have 
>>>>> you identified the ISP responsible for those addresses?  Complained to 
>>>>> the ISP?  Etc, etc?
>>>>> The half witted will always be with us. . . .
>>>> There is no way you can set up ntpd so that it will poll many times a
>>>> second, unless there is a severe bug in ntp. He is asking if perhaps such a
>>>> bug exists in the latest version of ntpd ( since the latest version just
>>>> came out a month ago, and latest devel version a week ago, this would be a
>>>> sensible worry).
>>>> Alternatively one of those modem manufacturers may have screwed up again,
>>>> or some ntp  like program has come out that has such a default.
>>>> I agree that asking the IP addressee what it is that they are running might
>>>> work, but probably not.
>>>>
>> 
>>> It may take a while to get results but if the only alternative is to do 
>>> nothing and suffer. . . .  The ISPs have the power to cut these idiots 
>>> off at the knees!  Whether they are willing to do so is something you 
>>> have to ask them.  They also have the ability to reduce a network 
>>> address to a street address.  Again, you have to ask.  If you ask on 
>>> NIST letterhead, your chances of being taken seriously are much improved.
>> 
>> IF it is a bug in ntp, then the users are not idiots, unless using ntp
>> makes you an idiot. If it is a bug in some other ntp software, then the
>> users of that software are not idiots, unless use of that software per se
>> makes you an idiot. If it is some modem manufacturer who has misapplied ntp
>> on their modem/router, again the same applies. He is trying to find out if
>> it is possible that such bugs exist, or than anyone else has seen them. 
>> 
>> 
>>> As I recall my contract with Comcast, they can simply cut me off in 
>>> response to just about any sort of abuse.  If nobody complains, I can 
>>> get away with practically anything!
>> 
>> 
>> Is a bug in the software "abuse"?
>> 

>Yes!  It's customary to do some sort of minimal testing before 
>distributing your software to the masses.

>Given the past history; e.g. U-Wisconsin, Tardis, PHK vs. D-Link and a 
>few other such incidents I'd say it's mandatory to do some pre-release 
>testing of hardware, firmware, and/or software.  I'd say that it's also 
>mandatory to read, and comply with, the relevant RFCs.

>I doubt very much that ntpd has such a bug/misfeature!  The authors are 
>very much aware of the potential problems and have done an excellent job.

>It seems clear that the internet community needs a methodology for 
>coping with such incidents.  Each time, it seems that a posse comitatus 
>must be formed, the miscreants tracked down, and asked to fix their 
>hardware, firmware, or software.  Sometimes, as in the U-Wisconsin 
>incident it's not possible to track down all instances of the defective 
>hardware/firmware/software..

Just what do you have in mind?
It seems that what you describe is exactly a methodology for coping with
such incidents. Or are you going to drive around with a gun and shoot the
president of D-Link say? 




>With the ever increasing use of the internet, the problems are only 
>going to get worse!

Yes. And with the increasing population of the earth "problems are only
going to get worse" as well. 





More information about the questions mailing list