Open Letter to D-Link about their NTP vandalism

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Sat Apr 8 07:15:24 UTC 2006


On Fri, 07 Apr 2006 20:16:03 EDT, Jared Mauch said:

> 	My suggestion is rename from gps -> gps1 and drop the gps
> dns name.  That combined with some bind/whatever views that
> scope the dns responses are effective since it's a DNS name.

That will fix the problem.  In 2012 or so.

I have a hostname that just now saw 500 NTP packets in 112 seconds.  OK, so
it's only 5 packets per second.

Mind you, that hostname *was* at one time a stratum-2 server.  But it moved to
a different host on April 7, 2000 - 6 *years* ago.  One year after that, it
stopped answering NTP entirely at that IP address. And that IP address went
away entirely during a building renovation 4 years ago.  There's still an ARP
every 2-3 seconds for it caused by people who hard-coded the IP address.

I'm not sure which is scarier - the fact that of those 500 queries, 367 were
*still* running NTPv1 - or that 89 were NTPv3 and 44 were NTPv4, when the
host in question has never answered an NTPv4 query from off campus.

So somebody mentioned a stratum-1 is seeing 37 PPS - I'm still seeing 1/6 of that
level for something that went away *last century*.
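
A per-version tally like the one in this message can be taken from the 3-bit version field in the first byte of each NTP header. The following is an added example, not part of the original post: it classifies UDP/123 payloads by that field and computes the rate as packets divided by capture span. The function names and the sample packets are constructed for illustration.

```python
from collections import Counter

NTP_MIN_LEN = 48  # fixed NTP header size in bytes


def ntp_version(payload: bytes):
    """Return the 3-bit version number from an NTP header, or None if too short."""
    if len(payload) < NTP_MIN_LEN:
        return None
    # First byte layout: LI (2 bits) | VN (3 bits) | Mode (3 bits)
    return (payload[0] >> 3) & 0x07


def summarize(packets):
    """packets: iterable of (unix_time, udp_payload).

    Returns (Counter of version labels, packets per second over the capture span).
    """
    versions = Counter()
    times = []
    for ts, payload in packets:
        v = ntp_version(payload)
        versions["malformed" if v is None else f"NTPv{v}"] += 1
        times.append(ts)
    span = max(times) - min(times) if len(times) > 1 else 0
    rate = len(times) / span if span else float(len(times))
    return versions, rate


def make_query(version: int, mode: int = 3) -> bytes:
    """Constructed sample packet: LI=0, given version, mode 3 (client), rest zeroed."""
    return bytes([(version << 3) | mode]) + bytes(47)


# Constructed capture: 9 packets, one every 0.25 s, the last one truncated.
_payloads = [make_query(1)] * 5 + [make_query(3)] * 2 + [make_query(4), b"\x1b"]
SAMPLE = [(i * 0.25, p) for i, p in enumerate(_payloads)]

if __name__ == "__main__":
    counts, pps = summarize(SAMPLE)
    for label, n in counts.most_common():
        print(f"{label:10s} {n}")
    print(f"rate: {pps:.2f} packets/s")
```
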
