Hi Steven,
Thanks for the research - very interesting. Which stratum-1 servers are
still advertising LI=01? Is it possible to contact their administrators
to learn why they might be erroneously advertising? Can you see if those
servers have anything in common?
How are the leap-second flags meant to be cleared after a leap second?
Is it supposed to be automatic? Is there a bug in some code (ntpd or
elsewhere) that is failing to clear the flag in (some versions of) ntp
server software? I did check earlier this morning and I was unable to
find a bug filed against ntpd regarding this issue - does anyone know if
we should go ahead and file a bug? It'd be nice to have more
information on whether this is really an ntpd issue.
In general it certainly sounds like there is some brittleness somewhere
in the mechanism for clearing the leap-second (LI) flags after the leap
second occurs.
Thanks,
--Jeff
On 8/1/2012 7:33 AM, steven Sommars wrote:
I've seen no evidence of a denial of service attack, bugs are more
likely. Several stratum one servers have been advertising LI=1
continuously for the past month. Others alternate between LI=0 and
LI=1.
Most servers claim to run ntpd.
There are over 10 stratum one's that advertise LI=1 as of Wed Aug 1
14:18:51 UTC 2012. Unless this changes another false leap second
could occur on August 31, 2012
On Wed, Aug 1, 2012 at 7:58 AM, Marco Marongiu <brontoli...@gmail.com
<mailto:brontoli...@gmail.com>> wrote:
On 01/08/12 10:28, Marco Marongiu wrote:
> I tried to collect some information around the globe, but with
scarce/no
> feedback. I am *suspecting* that this could be a rather imaginative
> attempt to DOS worldwide.
>
> Anyway, a colleague of mine is now hunting down some upstreams that
> faked the leap second. If we get something out of his research,
I'll let
> you know.
While my colleague is working with a stratum 1 timekeeper to
investigate
this better, I called the people at INRiM in Italy -- INRiM is the
institution responsible for the official Italian time
(http://www.inrim.it/index.shtml). Mr.Pettiti confirmed there was *no*
leap second scheduled yesterday (as we all suspected, right?), so that
is definitely a fake.
It may well be a DOS attempt, but as another colleague of mine
suggests,
it could also be a bug in some upstream servers, which didn't
disarm the
leap second after June 30th, and propagated it again yesterday.
Question now is: assuming those servers were running ntpd, was such a
bug reported at some point?
Ciao
-- bronto
_______________________________________________
questions mailing list
questions@lists.ntp.org <mailto:questions@lists.ntp.org>
http://lists.ntp.org/listinfo/questions
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions