[ntp:questions] WARNING: someone's faking a leap second tonight

Jeffrey Lerman jeffrey.lerman at gmail.com
Wed Aug 1 18:00:31 UTC 2012


Hi Steven,

Thanks for the research - very interesting.  Which stratum-1 servers are 
still advertising LI=01?  Is it possible to contact their administrators 
to learn why they might be erroneously advertising? Can you see if those 
servers have anything in common?

How are the leap-second flags meant to be cleared after a leap second?  
Is it supposed to be automatic?  Is there a bug in some code (ntpd or 
elsewhere) that is failing to clear the flag in (some versions of) ntp 
server software?  I did check earlier this morning and I was unable to 
find a bug filed against ntpd regarding this issue - does anyone know if 
we should go ahead and file a bug?  It'd be nice to have more 
information on whether this is really an ntpd issue.

In general it certainly sounds like there is some brittleness somewhere 
in the mechanism for clearing the leap-second (LI) flags after the leap 
second occurs.

Thanks,
--Jeff


On 8/1/2012 7:33 AM, steven Sommars wrote:
> I've seen no evidence of a denial of service attack, bugs are more 
> likely.   Several stratum one servers have been advertising LI=1 
> continuously for the past month.   Others alternate between LI=0 and 
> LI=1.
> Most servers claim to run ntpd.
>
> There are over 10 stratum one's that advertise LI=1 as of Wed Aug  1 
> 14:18:51 UTC 2012.   Unless this changes another false leap second 
> could occur on August 31, 2012
>
>
>
> On Wed, Aug 1, 2012 at 7:58 AM, Marco Marongiu <brontolinux at gmail.com 
> <mailto:brontolinux at gmail.com>> wrote:
>
>     On 01/08/12 10:28, Marco Marongiu wrote:
>     > I tried to collect some information around the globe, but with
>     scarce/no
>     > feedback. I am *suspecting* that this could be a rather imaginative
>     > attempt to DOS worldwide.
>     >
>     > Anyway, a colleague of mine is now hunting down some upstreams that
>     > faked the leap second. If we get something out of his research,
>     I'll let
>     > you know.
>
>     While my colleague is working with a stratum 1 timekeeper to
>     investigate
>     this better, I called the people at INRiM in Italy -- INRiM is the
>     institution responsible for the official Italian time
>     (http://www.inrim.it/index.shtml). Mr.Pettiti confirmed there was *no*
>     leap second scheduled yesterday (as we all suspected, right?), so that
>     is definitely a fake.
>
>     It may well be a DOS attempt, but as another colleague of mine
>     suggests,
>     it could also be a bug in some upstream servers, which didn't
>     disarm the
>     leap second after June 30th, and propagated it again yesterday.
>
>     Question now is: assuming those servers were running ntpd, was such a
>     bug reported at some point?
>
>     Ciao
>     -- bronto
>     _______________________________________________
>     questions mailing list
>     questions at lists.ntp.org <mailto:questions at lists.ntp.org>
>     http://lists.ntp.org/listinfo/questions
>
>



More information about the questions mailing list