On Wed, Feb 26, 2014 at 01:15:14PM +0100, Marek Podmaka wrote:
|| Today I have received report from pool that it cannot connect to my
|| IPv4 server (IPv6 on the same server works OK). I guess monitoring is
|| in USA.
|| Also website http://keetweej.vanheusden.com/query_ntp.php says it
|| cannot connect. That appears to be in Netherlands.
||
|| My server (92.240.244.202) is working OK, queries from clients are
|| coming (about 20 packets/s currently) and NTP answering on them. I
|| have tested from my other server in Germany and from there it works. I
|| have also confirmed that entire subnet seems to be blocked from those
|| servers/countries. My direct connectivity provider says they don't
|| block it on their side.
This may be a clue:
$traceroute 92.240.244.202
traceroute to 92.240.244.202 (92.240.244.202), 30 hops max, 60 byte packets
1 lo1.dr5.d12.xs4all.net (194.109.5.219) 22.435 ms
2 1315.ae3.xr3.3d12.xs4all.net (194.109.7.161) 17.292 ms
3 0.so-1-2-0.xr1.tc2.xs4all.net (194.109.5.14) 16.618 ms
4 ams-001.interoute.net (195.69.144.81) 18.003 ms
5 ae0-0.ams-koo-score-2-re0.interoute.net (84.233.190.2) 44.679 ms
6 ae1-0.fra-006-score-1-re0.interoute.net (84.233.190.50) 42.746 ms
7 ae1-0.vie-per-score-1-re0.interoute.net (212.23.43.25) 48.159 ms
8 ae0-0.vie-per-score-2-re0.interoute.net (212.23.43.50) 41.760 ms
9 ae1-0.bts-001-score-1-re0.interoute.net (84.233.147.13) 43.146 ms
10 89.202.153.150 (89.202.153.150) 43.516 ms
11 121.224.240.92.in-addr.arpa.lightstorm.sk (92.240.224.121) 42.502 ms
12 118.224.240.92.in-addr.arpa.lightstorm.sk (92.240.224.118) 46.722 ms
13 kenny.oneemedia.com (92.240.244.202) 42.954 ms
$traceroute -U -p 53 92.240.244.202
traceroute to 92.240.244.202 (92.240.244.202), 30 hops max, 60 byte packets
1 lo1.dr5.d12.xs4all.net (194.109.5.219) 24.577 ms
2 1315.ae3.xr3.3d12.xs4all.net (194.109.7.161) 21.889 ms
3 0.so-1-2-0.xr1.tc2.xs4all.net (194.109.5.14) 22.269 ms
4 ams-001.interoute.net (195.69.144.81) 22.650 ms
5 ae0-0.ams-koo-score-2-re0.interoute.net (84.233.190.2) 42.137 ms
6 ae1-0.fra-006-score-1-re0.interoute.net (84.233.190.50) 43.525 ms
7 ae1-0.vie-per-score-1-re0.interoute.net (212.23.43.25) 42.930 ms
8 ae0-0.vie-per-score-2-re0.interoute.net (212.23.43.50) 78.475 ms
9 ae1-0.bts-001-score-1-re0.interoute.net (84.233.147.13) 42.636 ms
10 89.202.153.150 (89.202.153.150) 44.014 ms
11 121.224.240.92.in-addr.arpa.lightstorm.sk (92.240.224.121) 44.400 ms
12 118.224.240.92.in-addr.arpa.lightstorm.sk (92.240.224.118) 43.764 ms
13 kenny.oneemedia.com (92.240.244.202) 44.137 ms
$traceroute -U -p 123 92.240.244.202
traceroute to 92.240.244.202 (92.240.244.202), 30 hops max, 60 byte packets
1 lo1.dr5.d12.xs4all.net (194.109.5.219) 21.563 ms
2 1315.ae3.xr3.3d12.xs4all.net (194.109.7.161) 22.274 ms
3 0.so-1-2-0.xr1.tc2.xs4all.net (194.109.5.14) 22.641 ms
4 *
5 *
6 *
[snip, no responses]
$
Perhaps interoute are filtering ntp to mitigate the recent reflection
attacks.
Vincent.
[PS gpg-signed messages seem to be rejected on this list..]
--
Vincent Zweije <[email protected]> | "If you're flamed in a group you
<http://www.xs4all.nl/~zweije/> | don't read, does anybody get burnt?"
[Xhost should be taken out and shot] | -- Paul Tomblin on a.s.r.
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
