Re: What's going on with NTP?

2013-12-25 Thread Randy Bush
https://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html
https://www.team-cymru.org/ReadingRoom/Templates/secure-endrun-template.html



Re: Help me make sense of these traceroutes please

2013-12-25 Thread Warren Bailey
That's why you're a bacon zombie. If you were a living person you'd know free 
beer tastes the same irrespective of the containment vessel. ;)

I hope Santa brought all of you what you wanted. If not, blame UPS.


Sent from my Mobile Device.


 Original message 
From: Bacon Zombie 
Date: 12/25/2013 11:24 AM (GMT-09:00)
To: valdis.kletni...@vt.edu
Cc: s...@circlenet.us,nanog@nanog.org
Subject: Re: Help me make sense of these traceroutes please


Pitcher of Guinness!?! What blasphemy is this, the only way to drink it is
via individually poured pint glasses.

Back to the issues I'd say MPLS or GCHQ before NSA.
On 25 Dec 2013 15:52,  wrote:

> On Tue, 24 Dec 2013 19:03:02 -0500, Sam Moats said:
>
> > Also you'd be amazed how many network issues can be solved with a bunch
> > of IT folks and an ample supply of Guinness
>
> I once heard the claim that if you couldn't explain your network design and
> have the listener understand it after you had split a pitcher of Guinness,
> it was probably too complicated.
>
>


Re: Help me make sense of these traceroutes please

2013-12-25 Thread Bacon Zombie
Pitcher of Guinness!?! What blasphemy is this, the only way to drink it is
via individually poured pint glasses.

Back to the issues I'd say MPLS or GCHQ before NSA.
On 25 Dec 2013 15:52,  wrote:

> On Tue, 24 Dec 2013 19:03:02 -0500, Sam Moats said:
>
> > Also you'd be amazed how many network issues can be solved with a bunch
> > of IT folks and an ample supply of Guinness
>
> I once heard the claim that if you couldn't explain your network design and
> have the listener understand it after you had split a pitcher of Guinness,
> it was probably too complicated.
>
>


Re: Help me make sense of these traceroutes please

2013-12-25 Thread Anne P. Mitchell, Esq.

> with a bunch of IT folks and an ample supply of Guinness.

My ex used to call it "design fluid". :-)

Happy holidays, everyone!

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President
ISIPP SuretyMail Email Accreditation
http://www.ISIPP.com 
Member, Cal. Bar Cyberspace Law Committee
Author: Section 6 of the CAN-SPAM Act of 2003

How do you get to the inbox instead of the spam filter?  SuretyMail!
Helping businesses keep their email out of the junk folder since 1998
http://www.isipp.com/SuretyMail

Author, "They're Your Kids Too:  The Single Father's Guide to Defending Your 
Fatherhood in a Broken Family Law System" 
http://www.amazon.com/Theyre-Your-Kids-Too-Fatherhood/dp/061551443X


Re: What's going on with NTP?

2013-12-25 Thread David Ford
On 12/25/2013 11:35 AM, John Levine wrote:
> I have two FreeBSD servers where the NTP daemons are using double digit CPU
> percentages today rather than the usual 0.01%.  Restarting them didn't help.
>
> The clock on my Android phone is five hours slow.  (It's not the time zone,
> I checked that.)
>
> Is this just my special Christmas present, or are there screwed up NTP 
> servers?
>
> Regards,
> John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for 
> Dummies",
> Please consider the environment before reading this e-mail. http://jl.ly
>

you probably need to configure them correctly with:

restrict default ignore

and add additional restrict lines if you have need for other legitimate
servers to make contact with them. i suspect right now you're providing
an ntp amplification attack to the spoofed source address.

-david
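
An added example, not part of David's message or of any poster's code: a small offline audit of an ntp.conf for the restrict setup described above. It flags a default entry that still answers ntpq/ntpdc status queries and, when the default is `ignore`, any IP-literal `server` left without its own restrict line; the sample configs and addresses are constructed, and the first-match-wins lookup is a simplification of ntpd's most-specific-match rule.

```python
import ipaddress

QUERY_BLOCKING = {"ignore", "noquery"}  # either flag stops replies to status queries

def parse(conf_text):
    """Return (default flag sets, [(network, flags)], [server/peer addresses])."""
    defaults, rules, servers = [], [], []
    for raw in conf_text.splitlines():
        tok = [t for t in raw.split("#", 1)[0].split() if t not in ("-4", "-6")]
        if len(tok) < 2:
            continue
        if tok[0] in ("server", "peer"):
            servers.append(tok[1])
        elif tok[0] == "restrict":
            addr, rest, mask = tok[1], tok[2:], None
            if rest[:1] == ["mask"] and len(rest) >= 2:
                mask, rest = rest[1], rest[2:]
            if addr == "default":
                defaults.append(set(rest))
                continue
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}" if mask else addr, strict=False)
            except ValueError:
                continue  # hostname in a restrict line: cannot resolve offline
            rules.append((net, set(rest)))
    return defaults, rules, servers

def audit(conf_text):
    """List findings for one ntp.conf; an empty list means nothing was flagged."""
    defaults, rules, servers = parse(conf_text)
    findings = []
    if not defaults or any(not (d & QUERY_BLOCKING) for d in defaults):
        findings.append("default: status queries answered for any source")
    for net, flags in rules:
        if not (flags & QUERY_BLOCKING) and not net.is_loopback:
            findings.append(f"{net}: exception allows status queries")
    if any("ignore" in d for d in defaults):
        for s in servers:
            try:
                ip = ipaddress.ip_address(s)
            except ValueError:
                continue  # hostname: check its addresses by hand
            if not any(ip in net and "ignore" not in f for net, f in rules):
                findings.append(f"{s}: replies dropped, needs its own restrict line")
    return findings

# Constructed sample configs (documentation addresses, not from the thread).
OPEN = "server 192.0.2.10\nrestrict 127.0.0.1\n"
LOCKED = ("restrict default ignore\nrestrict 127.0.0.1\n"
          "restrict 192.0.2.10 nomodify notrap noquery\n"
          "server 192.0.2.10\nserver 198.51.100.7\n")
```

Calling `audit(LOCKED)` reports only the second server, which has no restrict line of its own and so would be cut off by `restrict default ignore`.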




Re: What's going on with NTP?

2013-12-25 Thread Jared Mauch
There have been a lot of NTP reflection attacks recently. Think the same as dns 
amplification. 

Make sure you restrict access and know how to look at the client list. 

Jared Mauch

> On Dec 25, 2013, at 10:42 AM, Javier Henderson  wrote:
> 
> 
>> On Dec 25, 2013, at 11:35 AM, John Levine  wrote:
>> 
>> I have two FreeBSD servers where the NTP daemons are using double digit CPU
>> percentages today rather than the usual 0.01%.  Restarting them didn't help.
>> 
>> The clock on my Android phone is five hours slow.  (It's not the time zone,
>> I checked that.)
>> 
>> Is this just my special Christmas present, or are there screwed up NTP 
>> servers?
> 
> I suspect your servers are being attacked. Are you seeing a lot of in/out NTP 
> traffic on those FreeBSD servers?
> 
> -jav
> 
> 



Re: What's going on with NTP?

2013-12-25 Thread Javier Henderson

On Dec 25, 2013, at 11:35 AM, John Levine  wrote:

> I have two FreeBSD servers where the NTP daemons are using double digit CPU
> percentages today rather than the usual 0.01%.  Restarting them didn't help.
> 
> The clock on my Android phone is five hours slow.  (It's not the time zone,
> I checked that.)
> 
> Is this just my special Christmas present, or are there screwed up NTP 
> servers?

I suspect your servers are being attacked. Are you seeing a lot of in/out NTP 
traffic on those FreeBSD servers?

-jav




What's going on with NTP?

2013-12-25 Thread John Levine
I have two FreeBSD servers where the NTP daemons are using double digit CPU
percentages today rather than the usual 0.01%.  Restarting them didn't help.

The clock on my Android phone is five hours slow.  (It's not the time zone,
I checked that.)

Is this just my special Christmas present, or are there screwed up NTP servers?

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly





Re: Help me make sense of these traceroutes please

2013-12-25 Thread Valdis . Kletnieks
On Tue, 24 Dec 2013 19:03:02 -0500, Sam Moats said:

> Also you'd be amazed how many network issues can be solved with a bunch
> of IT folks and an ample supply of Guinness

I once heard the claim that if you couldn't explain your network design and
have the listener understand it after you had split a pitcher of Guinness,
it was probably too complicated.





Re: Help me make sense of these traceroutes please

2013-12-25 Thread Jimmy Hess
On Wed, Dec 25, 2013 at 8:03 AM, Martin Hotze  wrote:
>
> > On 2013-12-25 00:16, Sam Moats wrote:
>
...

> > You are likely seeing the effects of asymmetric routing.
> . .. or the effect of passing traffic through NSA infrastructure.
>
>
Ah... NSA.   That's probably it.
So much for my theory of a Router virtual chassis  straddling  the atlantic.

 or the extra kinetic energy carried by the overseas-bound packet took
longer for the router to absorb and rebound with an ICMP.





But in all seriousness --- what is probably happening here, is  the result
of extra  "hops"  that don't show up in  traceroute.
MPLS tunnels could well fit the bill.



Other things to consider when latency seems sensitive to destination IP ---
are preceding device in the traceroute might also have multiple links to
the same device;  with one link congested and some form of IP-based load
sharing,  that happens to be the toward-overseas link.



> SCNR, #m

-- 
-JH


Re: Help me make sense of these traceroutes please

2013-12-25 Thread Martin Hotze
> From: Jeroen Massar 
> To: s...@circlenet.us, nanog@nanog.org
> Subject: Re: Help me make sense of these traceroutes please
> 
> On 2013-12-25 00:16, Sam Moats wrote:
> > Hello Nanog community,
> > I would like to enlist your help with understanding this latency I'm
> > seeing.
> 
> You are likely seeing the effects of asymmetric routing.

. .. or the effect of passing traffic through NSA infrastructure.

SCNR, #m