Steve wrote:
> Why don't you test it?

Well, I did. And got some strange results.

First of all, if you specify notrap on your restrict line(s), you don't stop all traps. You will get at least one trap message stating that auth has failed, e.g.

    robs-computer:~ rob$ perl /Users/rob/Desktop/ntptrap
    Thu Oct 4 9:03:46 2007 Listening at address 0.0.0.0 port 50095
    Thu Oct 4 9:03:57 2007 localhost: err_auth_fail:

Not a big deal, but since it does respond with a message, there may be security implications (e.g. DoS attacks).

If you specify noquery on your restrict line(s), you do stop all traps and queries. You don't get any responses, e.g.

    robs-computer:~ rob$ perl /Users/rob/Desktop/ntptrap
    Thu Oct 4 9:06:08 2007 Listening at address 0.0.0.0 port 50194

I also don't seem to get the same output that you posted earlier. With no restrictions specified (i.e. allowing traps, queries etc.), I get the following output after restarting ntpd and running ntptrap immediately after:

    robs-computer:~ rob$ perl /Users/rob/Desktop/ntptrap
    Thu Oct 4 9:48:16 2007 Listening at address 0.0.0.0 port 51182
    more more
    Thu Oct 4 9:49:29 2007 localhost trap#1 peer 33453 [127.127.1.0] [127.127.1.0] event_reach
    more more
    Thu Oct 4 9:49:29 2007 localhost trap#2 peer 33452 [192.168.1.26] [192.168.1.26] event_reach
    more
    Thu Oct 4 9:49:35 2007 localhost trap#3 SYSTEM event_sync/strat_chg stratum=16 refid=STEP peer=33452
    more
    Thu Oct 4 9:49:35 2007 localhost trap#4 SYSTEM event_sync_chg stratum=3 refid=192.168.1.26leap_none sync_udp/time
    more
    Thu Oct 4 9:49:35 2007 localhost trap#5 SYSTEM event_sync/strat_chg stratum=3 refid=192.168.1.26 peer=33452

Hmm. You will notice that the output on my terminal states "more". I suspected you must use the -l option in ntptrap to get ntptrap to write this output to a file. I tried to do that but was not able. Maybe this is a bug in the ntptrap perl script, e.g.

    robs-computer:~ rob$ perl /Users/rob/Desktop/ntptrap -l ntptrap.txt
    Cannot open "/dev/null ntptrap.txt": Permission denied

I tried specifying even a full path for the text file. It made no difference. I still get an error.

There also appears to be another bug in ntptrap. You can't specify an ntpd server. It also defaults to the localhost ntpd server, e.g. when I run ntptrap on a computer located at 192.126.1.27:

    robs-computer:~ rob$ perl /Users/rob/Desktop/ntptrap 192.168.1.26
    Thu Oct 4 8:28:32 2007 Listening at address 0.0.0.0 port 49325

Hmm. It always listens on 0.0.0.0. It will not listen for my other ntpd server located at 192.126.1.26. The -p PORT option also doesn't seem to do anything either. If I am doing something wrong, please let me know.

In summary, the noquery restriction also blocks traps. There is no need to add notrap to restrict lines where noquery is specified. The notrap restriction does appear to stop all traps (except one -- the "err_auth_fail:" trap message). And it looks like there are bugs in the ntptrap perl script. One cannot specify a log file. Even worse, one cannot even specify a host.

Rob
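
The restrict behaviour reported in the message above, turned into a configuration check (an added example, not part of the original post or of the NTP distribution). It assumes ntpd's documented restrict flags noquery, notrap and ignore, and takes from the post the observation that noquery also stops traps; the sample configuration, function names and status labels are constructed.

```python
# Added example: audit ntp.conf "restrict" lines for query/trap exposure.
# Assumption taken from the post: noquery also blocks traps, notrap alone does not block queries.
SAMPLE_CONF = """\
# constructed sample configuration, not from the original post
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 10.0.0.0 mask 255.0.0.0 ignore
server 192.168.1.26
"""

def parse_restrict(line):
    """Return (address, mask, flags) for a restrict line, or None for any other line."""
    tokens = line.split("#", 1)[0].split()
    if len(tokens) < 2 or tokens[0] != "restrict":
        return None
    rest = tokens[1:]
    family = ""
    if rest[0] in ("-4", "-6"):          # optional address-family qualifier
        family, rest = rest[0] + " ", rest[1:]
    if not rest:
        return None
    address, rest = family + rest[0], rest[1:]
    mask = None
    if len(rest) >= 2 and rest[0] == "mask":
        mask, rest = rest[1], rest[2:]
    return address, mask, set(rest)

def audit(conf_text):
    """Return [(line number, address, status)] for every restrict line."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        parsed = parse_restrict(line)
        if parsed is None:
            continue
        address, _mask, flags = parsed
        queries_blocked = bool(flags & {"noquery", "ignore"})
        traps_blocked = queries_blocked or "notrap" in flags
        status = ("closed" if queries_blocked
                  else "queries-open" if traps_blocked
                  else "queries-and-traps-open")
        findings.append((lineno, address, status))
    return findings

if __name__ == "__main__":
    for lineno, address, status in audit(SAMPLE_CONF):
        print(f"line {lineno}: {address:<14} {status}")
```

A "queries-open" line is the case the post describes for notrap: trap requests are refused, but the server still answers (with err_auth_fail), so only "closed" lines are silent to the matching hosts.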
