[ntp:questions] Re: abuse or bug ?
David L. Mills
mills at udel.edu
Sat Jan 29 18:23:20 UTC 2005
Henk,
As before, your Ames critter does not respond either to ntpq or ping, so
I assume it is behind a firewall. So, I cannot confirm it is or is not a
current or former NTP version. The abuse reported in my recent paper
showed that a handful of some several million clients of the NIST and
USNO public servers did hammer away at rates of one packet/sec or
greater. I would assume in the mix there must be many thousands of NTPv4
clients which do not show symptoms like that, so I have assumed the
abuse comes from Netgear or other broken clients.
You wish for a bug to be fixed in a release version over a year and
seveal generations older than the current development version that
lights up our wires now. Several small changes have been made since the
release version, primarily to align the code behavior to a formal
specification, but none of these should result in the behavior you cite.
I assume the release version has been widely deployed since it was
released over a year ago, but I have no reports of similar behavior and
no clue as to the circumstance that provokes it. The only advice I can
give is to move to a more recent version.
Dave
Henk Penning wrote:
> In <cteni6$puv$1 at dewey.udel.edu> "David L. Mills" <mills at udel.edu> writes:
>
>
>>Henk,
>>
>>The ntpd appears to be running properly, although ntpdc lies through its
>>teeth and ntpq is a much better diagnostic. The version is the current
>>release, although it is well over a year old.
>>
>>So far as I know, yours is the only report of this behavior. My initial
>>concern was that a bug like this occured in a test version and was
>>quickly fixed before the test escaped our wires. In any case, that
>>occasion was after 4.2.0 was released. Notwithstanding disclaimers, the
>>quickest way for us to resume normal programming may be to move to a
>>more modern release and stay tuned for further reports, if any.
>
>
> If this is a bug, I hope it gets fixed because these 'timehogs'
> (1% of our clients) generate 90% of ntp traffic.
>
> Here is another one that looks promissing :
>
> site count pack/min last [hrs ago] first [hrs ago]
> pkimac.arc.nasa.gov 66429 57.4198 0.0 19.3
>
> Does anyone have a cooperative contact at Ames Research ?
>
>
>>Dave
>
>
> Henk Penning
>
> Henk P. Penning, Computer Systems Group R Uithof CGN-A232 _/ \_
> Dept of Computer Science, Utrecht University T +31 30 253 4106 / \_/ \
> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 \_/ \_/
> http://www.cs.uu.nl/staff/henkp.html M penning at cs.uu.nl \_/
> --
> ---------------------------------------------------------------- _
> Henk P. Penning, Computer Systems Group R Uithof CGN-A232 _/ \_
> Dept of Computer Science, Utrecht University T +31 30 253 4106 / \_/ \
> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 \_/ \_/
More information about the questions
mailing list