[ntp:questions] Local (own site) NTP servers.

Danny Mayer mayer at ntp.org
Sat Jul 25 17:54:22 UTC 2009


Richard B. Gilbert wrote:
> David Woolley wrote:
>> Hal Murray wrote:
>>
>>> Please see:
>>>   http://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
>> Although probably true about this case, a quick skim makes me think that 
>> this article breaks the Original Research rules for Wikipedia.  I think 
>> any one incident would be borderline on the rule, but associating the 
>> incidents without a source for the analysis of their relationship seems 
>> to me to be over the line.
> 
> Both incidents are well known.  Their only "relationship" was in having 
> a poorly designed and/or a poorly implemented NTP client which caused 
> particular servers to be bombarded with thousands of requests per second.
> 
> The "fix" was adding to the RFC a requirement that a client failing to 
> get a reply "back off" exponentially; e.g. if you don't get a reply, 
> double the interval between requests!  If this is correctly implemented 
> it results in the client increasing the interval between requests until 
> queries are sent at intervals of 1024 seconds.
> 

While I did get that language into the RFC draft, there is no guarantee
that 1) the implementor will read the RFC and 2) they will obey RFCs
and there is no IETF police to go arrest them for violating RFCs.

> There is also a "Kiss of Death" packet which will cause a conforming 
> implementation to cease polling the server issuing the K.O.D.
> 

Again the chances are pretty good that the implementor will not know
what a KOD packet is, never mind obey the RFC requirements. On the other
hand with the last change that Dave Mills made, if the server is running
the most recent ntpd code, the oblivious client will find that their
clock is drifting away faster and faster each time it queries the server
and it gets a KOD packet back!

> At this point, anyone who causes a repeat incident risks being laughed 
> off the planet!!
> 

Well at least their clock will be so badly off, they may as well be. See
above.

> I'd make a small bet that there will be another incident!  Never 
> underestimate the power of human stupidity!!

That's practically guaranteed. See above.

Danny
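
Added example, not part of the original message or of ntpd: a minimal Python sketch of the client-side behaviour the thread describes, doubling the poll interval on a missed reply up to 1024 seconds and honouring Kiss-o'-Death replies. The `Poller` class, `make_reply` helper and the 64-second starting interval are assumptions for illustration; RATE, DENY and RSTR are kiss codes from the NTPv4 specification.

```python
import struct

MIN_POLL, MAX_POLL = 64, 1024    # seconds; 64 is an assumed start, 1024 is the thread's ceiling
STOP_CODES = {"DENY", "RSTR"}    # kiss codes that tell the client to stop using the server

def kiss_code(packet):
    """Return the ASCII kiss code of a Kiss-o'-Death reply, or None for any other packet."""
    if len(packet) < 48:
        return None
    li_vn_mode, stratum = struct.unpack("!BB", packet[:2])
    if li_vn_mode & 0x07 != 4 or stratum != 0:   # KoD = server mode (4) with stratum 0
        return None
    return packet[12:16].rstrip(b"\0").decode("ascii", "replace")  # reference ID field

class Poller:
    """Hypothetical per-server poll state for a well-behaved client."""
    def __init__(self):
        self.interval, self.active = MIN_POLL, True

    def on_timeout(self):
        # No reply: double the interval, capped at MAX_POLL.
        self.interval = min(self.interval * 2, MAX_POLL)
        return self.interval

    def on_reply(self, packet):
        code = kiss_code(packet)
        if code is None:
            return self.interval          # ordinary reply: usable for time, interval unchanged
        if code in STOP_CODES:
            self.active = False           # stop polling this server entirely
            return None
        return self.on_timeout()          # RATE or unknown code: back off, discard the packet

def make_reply(stratum, refid):
    # Constructed 48-byte server reply (LI=0, VN=4, mode=4); not captured traffic.
    return struct.pack("!BBbb", 0x24, stratum, 6, -20) + bytes(8) + refid.ljust(4, b"\0") + bytes(32)

if __name__ == "__main__":
    p = Poller()
    print([p.on_timeout() for _ in range(6)])
    print(p.on_reply(make_reply(0, b"RATE")), p.on_reply(make_reply(0, b"DENY")), p.active)
```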
