Frank Kardel wrote:
You are not NATting anything ? A broken NAT config/device could give this too
if other systems from your network do queries that get mapped
to your primary system - but that's just a guess. Just like forged send IP
would be. Maybe you could double check at your outgoing link
(inner and outer interface) for correlations like that.
None of the internal systems should query outside servers. And even
if they did, they should not have started doing that all of a sudden a
week or so ago. Never say never, though, so I double-checked already, in
various ways. I'm pretty sure it's not coming from behind my back.
What I don't control is the ADSL router in front of me, though. If
my friendly ISP decided last week that it would be nice to sync it to
that belbone server, and if they forward the replies right through to
the network behind, then that might be the cause.
In fact, there is an indication that this might be what's going on.
Here is a tcpdump of one such reply:
> 19:59:19.083130 ntp1.belbone.be.ntp > adsl-gida.ntp: v1 server strat
2 poll 0 prec -20 (DF) [tos 0x10]
Note that it says "v1"... That's not in reply to an (x)ntp request.
If it is indeed the router, the master of time at belbone would see
requests coming in from over here (this is why I double-checked they're
not mine <g>). I haven't heard back from them, but then they said
they're working on things. If they see queries, it'll be time to call my
ISP.
The strange packets are no longer coming in and in any case, I don't have
the resources right now to hook up a Linux box with a more recent kernel to see
what would happen.
Well, at least things did a bit improve, didn't they :-) ?
The glass is either half full or half empty. It's just that I like
to get at the bottom of things, both problems and glasses. I hate
problems that disappear unsolved, almost as much as I hate glasses that
disappear unfinished <g>.
But yes, we're making progress and that's a Good Thing indeed.
Luc Pardon
_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
