On Thu, 22 Dec 2005, Karel Sandler wrote: > My question is, if there is a possibility how to distinguish between a > misconfigured client or a grup of more or less standard clients behind a > NAT. Originally, I thought, it would be easy. Ideally, the timestamps of a
Perhaps you could look at the source ports. I'm not sure, but I think NTPD not only listens on port 123, it uses that as it's source port. A masquerading system will remap the source port to something else, usually quite high, and definitely outside of Unix's traditional "reserved ports" range (< 1024). ---- Michael Deutschmannn <[EMAIL PROTECTED]> _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
