"Per Hedeland" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> In article <[EMAIL PROTECTED]> "Bob"
> <[EMAIL PROTECTED]> writes:
>>
>>"Steve Kostecke" <[EMAIL PROTECTED]> wrote in message
>>news:[EMAIL PROTECTED]
>>
>>> None of the following is germane to your symmetric key issue, but ...
>>>
>>>> keys "C:\Program Files\NTP\etc\ntp.keys"
>>>> enable auth
>>>
>>> Auth is enabled by default. It can be disabled on the command-line. The
>>> worst that can happen is this line will generate an extra log entry.
>>
>>I disabled auth earlier this week, and promptly got attacked. I did an
>>enable auth with the intention of reversing my disable auth.
>
> Unless someone has done something really bad to current versions of the
> code, enable/disable auth has nothing to do with ntpdc control commands
> - those *always* require authentication, and if you haven't configured a
> key file, they just cannot be done. If (as you claimed earlier) your
> config got changed by someone else, you have bigger problems to chase
> (as in someone has broken into your system). I suspect that you were
> just seeing a badly-behaved client trying to get time from your server,
> though.
>
> --Per Hedeland
> [EMAIL PROTECTED]

There was no change to my config file. I noticed that I was frequently polling a single server in addition to my normal list, which were being polled at their normal rate. I looked at my server list, via ntpdc, and there were about 15 entries for the same IP. I never told my system to look at that server. I saw reasonably frequent incoming requests from that server, and they were listed as mode 1. I looked at the time being received from that server, and its time was off by a couple of minutes.

I'm willing to set my server to disable auth, and see if it happens again. This time Wireshark will be running to see what they're sending.
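
For triaging a capture like the one described above, the following is an added example (not part of the original thread) that reads the mode field from UDP/123 payloads and counts mode 1 (symmetric active) packets that carry no MAC and come from sources absent from ntp.conf. The function names, the addresses (documentation ranges) and the sample packets are constructed for illustration, and the MAC check assumes no extension fields.

```python
from collections import Counter

NTP_HEADER_LEN = 48          # fixed NTP time-packet header
MAC_LENGTHS = (20, 24)       # key ID (4) + MD5 (16) or SHA-1 (20) digest

def parse_ntp(payload):
    """Return (version, mode, has_mac) for a mode 1-5 time packet, else None."""
    if len(payload) < NTP_HEADER_LEN:
        return None
    version = (payload[0] >> 3) & 0x7   # byte 0 = LI(2) | VN(3) | Mode(3)
    mode = payload[0] & 0x7
    if not 1 <= mode <= 5:              # 6/7 are ntpq/ntpdc control, 0 reserved
        return None
    # Simplification: extension fields are ignored, and a MAC being present
    # does not mean it verified against a key in ntp.keys.
    has_mac = len(payload) - NTP_HEADER_LEN in MAC_LENGTHS
    return version, mode, has_mac

def unsolicited_symmetric(packets, configured):
    """Count unauthenticated mode 1 packets per source not in ntp.conf."""
    hits = Counter()
    for src, payload in packets:
        parsed = parse_ntp(payload)
        if parsed is None:
            continue
        _, mode, has_mac = parsed
        if mode == 1 and not has_mac and src not in configured:
            hits[src] += 1
    return dict(hits)

def make_packet(mode, version=4, stratum=2, mac_len=0):
    """Build a constructed sample packet (timestamps zeroed)."""
    return bytes([(version << 3) | mode, stratum]) + bytes(46 + mac_len)

CONFIGURED = {"192.0.2.10", "192.0.2.20"}        # assumed server/peer lines
SAMPLE = [                                        # constructed (src, payload)
    ("198.51.100.7", make_packet(1)),             # unknown source, mode 1, no MAC
    ("198.51.100.7", make_packet(1)),
    ("192.0.2.10", make_packet(4)),               # reply from a configured server
    ("192.0.2.20", make_packet(1, mac_len=20)),   # configured peer with MAC
    ("203.0.113.9", make_packet(1, mac_len=20)),  # unknown source, but MAC present
    ("203.0.113.5", make_packet(3)),              # ordinary client request
    ("198.51.100.7", b"\x21"),                    # truncated payload, skipped
]

if __name__ == "__main__":
    for src, n in unsolicited_symmetric(SAMPLE, CONFIGURED).items():
        print(f"{src}: {n} unauthenticated symmetric-active packet(s)")
```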
