[ntp:questions] WARNING: someone's faking a leap second tonight

jclerman0 at gmail.com jclerman0 at gmail.com
Wed Aug 1 18:25:37 UTC 2012


On Wednesday, August 1, 2012 7:33:25 AM UTC-7, steven Sommars wrote:
> I've seen no evidence of a denial of service attack, bugs are more likely.
>
> Several stratum one servers have been advertising LI=1 continuously for
> the past month.   Others alternate between LI=0 and LI=1.
> Most servers claim to run ntpd.
>
> There are over 10 stratum one's that advertise LI=1 as of Wed Aug  1
> 14:18:51 UTC 2012.   Unless this changes another false leap second could
> occur on August 31, 2012
>
> On Wed, Aug 1, 2012 at 7:58 AM, Marco Marongiu <brontolinux at gmail.com> wrote:
>
> > On 01/08/12 10:28, Marco Marongiu wrote:
> > > I tried to collect some information around the globe, but with scarce/no
> > > feedback. I am *suspecting* that this could be a rather imaginative
> > > attempt to DOS worldwide.
> > >
> > > Anyway, a colleague of mine is now hunting down some upstreams that
> > > faked the leap second. If we get something out of his research, I'll let
> > > you know.
> >
> > While my colleague is working with a stratum 1 timekeeper to investigate
> > this better, I called the people at INRiM in Italy -- INRiM is the
> > institution responsible for the official Italian time
> > (http://www.inrim.it/index.shtml). Mr.Pettiti confirmed there was *no*
> > leap second scheduled yesterday (as we all suspected, right?), so that
> > is definitely a fake.
> >
> > It may well be a DOS attempt, but as another colleague of mine suggests,
> > it could also be a bug in some upstream servers, which didn't disarm the
> > leap second after June 30th, and propagated it again yesterday.
> >
> > Question now is: assuming those servers were running ntpd, was such a
> > bug reported at some point?
> >
> > Ciao
> > -- bronto

(for those seeing this a second time, I apologize)

Hi Steven,

Thanks for the research - very interesting.  Which stratum-1 servers are still advertising LI=01?  Is it possible to contact their administrators to learn why they might be erroneously advertising?  Can you see if those servers have anything in common?

How are the leap-second flags meant to be cleared after a leap second?  Is it supposed to be automatic?  Is there a bug in some code (ntpd or elsewhere) that is failing to clear the flag in (some versions of) ntp server software?  I did check earlier this morning and I was unable to find a bug filed against ntpd regarding this issue - does anyone know if we should go ahead and file a bug?  It'd be nice to have more information on whether this is really an ntpd issue.

In general it certainly sounds like there is some brittleness somewhere in the mechanism for clearing the leap-second (LI) flags after the leap second occurs.

Thanks,
--Jeff
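
The check discussed in this thread, as an added example that is not part of the original messages and is not ntpd code: it decodes the LI field of a server reply and flags an announcement with no scheduled leap second behind it. It assumes LI=1 or LI=2 announces a leap second at the end of the current UTC month (the reading behind the "August 31" warning above); `SCHEDULED`, `parse_reply`, `check_leap` and `make_reply` are hypothetical names, and the sample packets are constructed.

```python
import struct
from datetime import datetime, timezone

NTP_UNIX_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01

# (year, month) -> LI value expected in that month. Only the 30 June 2012
# insertion is listed; a real check would load the published schedule.
SCHEDULED = {(2012, 6): 1}

def parse_reply(packet):
    """Decode LI, version, mode, stratum and transmit time from an NTP header."""
    if len(packet) < 48:
        raise ValueError("NTP header is 48 bytes")
    li, version, mode = packet[0] >> 6, (packet[0] >> 3) & 7, packet[0] & 7
    # Transmit timestamp, seconds field (NTP era 0, valid until 2036).
    (secs,) = struct.unpack("!I", packet[40:44])
    sent = datetime.fromtimestamp(secs - NTP_UNIX_OFFSET, tz=timezone.utc)
    return li, version, mode, packet[1], sent

def check_leap(packet, scheduled=SCHEDULED):
    """Classify the leap announcement carried by one server reply."""
    li, _version, mode, _stratum, sent = parse_reply(packet)
    if mode != 4:
        return "not-a-server-reply"
    if li == 3:
        return "unsynchronized"
    # LI=1 (insert) or LI=2 (delete) must match the schedule for this month.
    if li in (1, 2) and scheduled.get((sent.year, sent.month)) != li:
        return "false-leap"
    return "ok"

def make_reply(li, stratum, when):
    """Build a constructed 48-byte server reply (version 4, mode 4)."""
    secs = int(when.timestamp()) + NTP_UNIX_OFFSET
    head = bytes([li << 6 | 4 << 3 | 4, stratum])
    return head + bytes(38) + struct.pack("!II", secs, 0)

if __name__ == "__main__":
    utc = timezone.utc
    samples = {  # constructed replies, not captured traffic
        "june-armed": make_reply(1, 1, datetime(2012, 6, 30, 12, 0, tzinfo=utc)),
        "august-stuck": make_reply(1, 1, datetime(2012, 8, 1, 14, 18, 51, tzinfo=utc)),
        "august-clean": make_reply(0, 1, datetime(2012, 8, 1, 14, 18, 51, tzinfo=utc)),
    }
    for name, pkt in samples.items():
        print(name, check_leap(pkt))
```

Run against each configured upstream, a check like this separates a server that armed the flag for a real leap second from one that never disarmed it.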
