Re: Open Letter to D-Link about their NTP vandalism

[Valdis.Kletnieks () vt edu]

On Fri, 07 Apr 2006 20:16:03 EDT, Jared Mauch said:

>       My suggestion is rename from gps -> gps1 and drop the gps
> dns name.  That combined with some bind/whatever views that
> scope the dns responses are effective since it's a DNS name.

That will fix the problem.  In 2012 or so.

I have a hostname that just now saw 500 NTP packets in 112 seconds.  OK, so
it's only 5 packets per second.

Mind you, that hostname *was* at one time a stratum-2 server.  But it moved to
a different host on April 7, 2000 - 6 *years* ago.  One year after that, it
stopped answering NTP entirely at that IP address. And that IP address went
away entirely during a building renovation 4 years ago.  There's still an ARP
every 2-3 seconds for it caused by people who hard-coded the IP address.

I'm not sure which is scarier - the fact that of those 500 queries, 367 were
*still* running NTPv1 - or that 89 were NTPv3 and and 44 were NTPv4, when the
host in question has never answered an NTPv4 query from off campus.

So somebody mentioned a stratum-1 is seeing 37 PPS - I'm still seeing 1/6 of that
level for something that went away *last century*.

Attachment: _bin
Description: