[ntp:questions] Re: abuse or bug ?

David L. Mills mills at udel.edu
Sat Jan 29 18:23:20 UTC 2005


Henk,

As before, your Ames critter does not respond either to ntpq or ping, so 
I assume it is behind a firewall. So, I cannot confirm it is or is not a 
current or former NTP version. The abuse reported in my recent paper 
showed that a handful of some several million clients of the NIST and 
USNO public servers did hammer away at rates of one packet/sec or 
greater. I would assume in the mix there must be many thousands of NTPv4 
clients which do not show symptoms like that, so I have assumed the 
abuse comes from Netgear or other broken clients.

You wish for a bug to be fixed in a release version over a year and 
seveal generations older than the current development version that 
lights up our wires now. Several small changes have been made since the 
release version, primarily to align the code behavior to a formal 
specification, but none of these should result in the behavior you cite. 
I assume the release version has been widely deployed since it was 
released over a year ago, but I have no reports of similar behavior and 
no clue as to the circumstance that provokes it. The only advice I can 
give is to move to a more recent version.

Dave

Henk Penning wrote:
> In <cteni6$puv$1 at dewey.udel.edu> "David L. Mills" <mills at udel.edu> writes:
> 
> 
>>Henk,
>>
>>The ntpd appears to be running properly, although ntpdc lies through its 
>>teeth and ntpq is a much better diagnostic. The version is the current 
>>release, although it is well over a year old.
>>
>>So far as I know, yours is the only report of this behavior. My initial 
>>concern was that a bug like this occured in a test version and was 
>>quickly fixed before the test escaped our wires. In any case, that 
>>occasion was after 4.2.0 was released. Notwithstanding disclaimers, the 
>>quickest way for us to resume normal programming may be to move to a 
>>more modern release and stay tuned for further reports, if any.
> 
>   
>   If this is a bug, I hope it gets fixed because these 'timehogs'
>   (1% of our clients) generate 90% of ntp traffic.
> 
>   Here is another one that looks promissing :
> 
>   site                count pack/min  last [hrs ago]  first [hrs ago]
>   pkimac.arc.nasa.gov 66429  57.4198             0.0             19.3
> 
>   Does anyone have a cooperative contact at Ames Research ?
> 
> 
>>Dave
> 
> 
>   Henk Penning
> 
> Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
> Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 \_/ \_/
> http://www.cs.uu.nl/staff/henkp.html          M penning at cs.uu.nl  \_/
> --
> ----------------------------------------------------------------   _
> Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
> Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 \_/ \_/



More information about the questions mailing list