[ntp:questions] WARNING: someone's faking a leap second tonight
jeffrey.lerman at gmail.com
Wed Aug 1 18:00:31 UTC 2012
Thanks for the research - very interesting. Which stratum-1 servers are
still advertising LI=01? Is it possible to contact their administrators
to learn why they might be erroneously advertising? Can you see if those
servers have anything in common?
How are the leap-second flags meant to be cleared after a leap second?
Is it supposed to be automatic? Is there a bug in some code (ntpd or
elsewhere) that is failing to clear the flag in (some versions of) ntp
server software? I did check earlier this morning and I was unable to
find a bug filed against ntpd regarding this issue - does anyone know if
we should go ahead and file a bug? It'd be nice to have more
information on whether this is really an ntpd issue.
In general it certainly sounds like there is some brittleness somewhere
in the mechanism for clearing the leap-second (LI) flags after the leap
On 8/1/2012 7:33 AM, steven Sommars wrote:
> I've seen no evidence of a denial of service attack, bugs are more
> likely. Several stratum one servers have been advertising LI=1
> continuously for the past month. Others alternate between LI=0 and
> Most servers claim to run ntpd.
> There are over 10 stratum one's that advertise LI=1 as of Wed Aug 1
> 14:18:51 UTC 2012. Unless this changes another false leap second
> could occur on August 31, 2012
> On Wed, Aug 1, 2012 at 7:58 AM, Marco Marongiu <brontolinux at gmail.com
> <mailto:brontolinux at gmail.com>> wrote:
> On 01/08/12 10:28, Marco Marongiu wrote:
> > I tried to collect some information around the globe, but with
> > feedback. I am *suspecting* that this could be a rather imaginative
> > attempt to DOS worldwide.
> > Anyway, a colleague of mine is now hunting down some upstreams that
> > faked the leap second. If we get something out of his research,
> I'll let
> > you know.
> While my colleague is working with a stratum 1 timekeeper to
> this better, I called the people at INRiM in Italy -- INRiM is the
> institution responsible for the official Italian time
> (http://www.inrim.it/index.shtml). Mr.Pettiti confirmed there was *no*
> leap second scheduled yesterday (as we all suspected, right?), so that
> is definitely a fake.
> It may well be a DOS attempt, but as another colleague of mine
> it could also be a bug in some upstream servers, which didn't
> disarm the
> leap second after June 30th, and propagated it again yesterday.
> Question now is: assuming those servers were running ntpd, was such a
> bug reported at some point?
> -- bronto
> questions mailing list
> questions at lists.ntp.org <mailto:questions at lists.ntp.org>
More information about the questions