On Sat, Jul 5, 2008 at 9:58 AM, Bob <[EMAIL PROTECTED]> wrote: > It's happened again. I disabled auth last night after my previous post, and > let it run overnight with Wireshark capturing I've now got two IP addresses > listed as peers that I did not add. They are listed as "sym_passive". I see > requests from these sites listed as "mode 1" in monlist. Looking at the > Wireshark packet captures, the packet from the remote that seems to make me > start polling the remote contains a flag of "Symmetric Mode Active". I got > a number of packets from this same remote that I began polling, that when > looked at with Wireshark, did things like changing polling frequency. All > had "Symmetric Mode Active" set. My polls all have "Symmetric Mode Passive" > set.
Could they be Windows machines running Windows Time Service W32time without proper configuration polling your server? By default, w32time uses symmetric active mode (it assumes it is talking to other W32time domain machines.) The reference implementation of ntpd will not reject or ignore those symmetric active polls, I think, but will not really peer with them either. It just answers with a timestamp in symmetric mode, but internally treats the associations as client mode in all other respects. -- RPM _______________________________________________ questions mailing list [email protected] https://lists.ntp.org/mailman/listinfo/questions
