On Mon, Oct 06, 2014 at 06:49:58PM -0700, Evandro Menezes wrote: > On Monday, October 6, 2014 6:50:09 PM UTC-5, William Unruh wrote: > > Not only that but they are probably running ntp 3 systems, which does > > not have KOD. > > The suspects are purportedly NTPV4: > > remote address port local address count m ver rstr avgint > lstint > wnpgmb1154w-a-b 123 192.168.a.b 18 3 4 5f8 6 0 > a-b.dyn.suddenlink.net 42324 192.168.a.b 1590 3 4 5f8 14 > 6
Out of curiousity, do you have a pcap file or tcpdump output you could share? I've been trying to fix widely used open source (S)NTP implementations to not poll frequently and I'm wondering if this is a client I know. -- Miroslav Lichvar _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions