[89834] in North American Network Operators' Group
Re: Open Letter to D-Link about their NTP vandalism
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sat Apr 8 03:16:16 2006
To: Jared Mauch <jared@puck.nether.net>
Cc: Richard A Steenbergen <ras@e-gerbil.net>, nanog@merit.edu
In-Reply-To: Your message of "Fri, 07 Apr 2006 20:16:03 EDT."
<20060408001603.GN40440@puck.nether.net>
From: Valdis.Kletnieks@vt.edu
Date: Sat, 08 Apr 2006 03:15:24 -0400
Errors-To: owner-nanog@merit.edu

On Fri, 07 Apr 2006 20:16:03 EDT, Jared Mauch said:

> My suggestion is rename from gps -> gps1 and drop the gps
> dns name. That combined with some bind/whatever views that
> scope the dns responses are effective since it's a DNS name.

That will fix the problem. In 2012 or so.

I have a hostname that just now saw 500 NTP packets in 112 seconds. OK, so
it's only 5 packets per second.

Mind you, that hostname *was* at one time a stratum-2 server. But it moved to
a different host on April 7, 2000 - 6 *years* ago. One year after that, it
stopped answering NTP entirely at that IP address. And that IP address went
away entirely during a building renovation 4 years ago. There's still an ARP
every 2-3 seconds for it caused by people who hard-coded the IP address.

I'm not sure which is scarier - the fact that of those 500 queries, 367 were
*still* running NTPv1 - or that 89 were NTPv3 and 44 were NTPv4, when the
host in question has never answered an NTPv4 query from off campus.

So somebody mentioned a stratum-1 is seeing 37 PPS - I'm still seeing 1/6 of that
level for something that went away *last century*.