On 18/05/2013 20:10, Brian Utterback wrote:
> On 5/18/2013 3:14 AM, Joe the Shmoe wrote:
[...]
>
> This is non-intuitive and arguably incorrect according to the RFC, but
> it is the programmed behavior. There was a time when all Windows
> clients used symmetric active mode, so to work around that ntpd with
> nopeer configured responded with symmetric active mode packets but did
> not mobilize the association. I don't know if they still use symmetric
> active by default. Perhaps this should be revisited.
Thank you for your explanations. I now understand the reason. Having
made some tests after my question here, there is effectively a
difference with a real symmetric passive which is shown by the 'peer'
command of ntpdc or ntpq (= an association is mobilized?), while here
hopefully that sort of "faked symmetric" exchanges on network side, do
not show with that same command. I guess, one cannot introduce false
time information to my server that way, if for example, the "symmetric
client" spoofs a stratum 1 server.
>
>>
>> - Other symmetric active requests come from the server itself toward one
>> of the 5 configured hosts. But the server only makes use of "server" in
>> the configuration (no "peer" statement). This occurs after a first NTP
>> client request to that configured host which get answered by two NTP
>> server from the configured host.
>
> Can you post the traces? I am not sure I follow.
An extract of such NTP exchanges (wireshark capture) is available at:
ftp host: edrusb.is-a-geek.org
login: nobody
password: ntp
>
> Brian.
Regards,
Joe.
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
