[ntp:questions] NTP servers not accessible on some networks

Rob nomail at example.com
Wed May 21 17:44:47 UTC 2014


Antonio Marcheselli <puppa at me.la> wrote:
>>
>> You can try "traceroute -U -p 123 ip.ad.dr.es" to see where it is being
>> blocked, and if it is nearby to your ISP complain to your ISP about it.
>>
>
> Hi,
>
> Here is a standard traceroute
>
> xxxxxxx-2:~# traceroute 130.88.200.4
> traceroute to 130.88.200.4 (130.88.200.4), 30 hops max, 40 byte packets
>   1  192.168.241.1 (192.168.241.1)  0.000 ms  0.000 ms  0.000 ms
>   2  * * *
>   3  109.204.0.218 (109.204.0.218)  43.988 ms  45.987 ms  47.987 ms
>   4  * * *
>   5  * * *
>   6  * * *
>   7  135.196.65.115 (135.196.65.115)  31.991 ms  33.991 ms  35.990 ms
>   8  195.66.224.15 (195.66.224.15)  37.990 ms  38.989 ms  40.989 ms
>   9  146.97.35.181 (146.97.35.181)  42.988 ms  44.988 ms  46.987 ms
> 10  146.97.33.14 (146.97.33.14)  53.985 ms  54.985 ms  56.984 ms
> 11  146.97.33.42 (146.97.33.42)  60.983 ms  62.983 ms  36.990 ms
> 12  146.97.41.62 (146.97.41.62)  39.989 ms  41.988 ms  41.989 ms
> 13  194.66.27.18 (194.66.27.18)  41.988 ms  42.988 ms  42.988 ms
> 14  194.66.26.102 (194.66.26.102)  43.988 ms  43.988 ms  43.988 ms
> 15  130.88.250.73 (130.88.250.73)  381.895 ms  380.895 ms  378.896 ms
> 16  130.88.200.4 (130.88.200.4)  37.990 ms  37.989 ms  37.990 ms
>
> Here is for port 123 as you suggested
>
> xxxxx-2:~# traceroute -U -p 123 130.88.200.4
> traceroute to 130.88.200.4 (130.88.200.4), 30 hops max, 40 byte packets
>   1  192.168.241.1 (192.168.241.1)  1.000 ms  1.000 ms  1.000 ms
>   2  * * *
>   3  109.204.0.218 (109.204.0.218)  34.990 ms  37.989 ms  38.989 ms
>   4  * * *
>   5  * * *
>   6  * * *
>   7  135.196.65.115 (135.196.65.115)  55.985 ms  55.985 ms  57.984 ms
>   8  * * *
>   9  * * * (then just nothing)
>
> What do I get from this? It's definitely not my router (192.168.241.1).
>
> Thank you!

When I do the same traceroutes, I get past the same router 195.66.224.15
that does not answer for you, but for me it answers both in normal- and
in port 123 mode.
This could mean that the folks at 195.66.224.15 (or maybe 135.196.65.115)
are blocking NTP for you but not for me.

Note that there have been flooding incidents lately that made some
providers block all NTP or maybe large blocks of addresses in combination
with NTP because their equipment could not handle the flooding or bugs
in it appeared because of the large scale portscans.

There is probably little you can do other than using closeby NTP servers
only, e.g. one from your own ISP.  Which is a good idea anyway.



More information about the questions mailing list