Re: [ntp:questions] Legitimate Source Ports for NTP traffic?

2018-12-01 Thread Jason Rabel
Thanks for the link to the paper, very interesting stuff! I've only given it a quick read, when I have more time I'll definitely sit down and study it more in-depth. I noticed the data used was from May-June 2015, has there been any newer sampling done? Or any other location for some statistics

Re: [ntp:questions] Legitimate Source Ports for NTP traffic?

2018-11-28 Thread Steven Sommars
I looked at a sample of NTP queries sent to a busy European server. Many queries had precision of -6, few were -7. UDP source ports ranged from 1 to 65535. The most common UDP source ports were 123, 1026, 1027, 1028, 1025. A NIST paper, https://tf.nist.gov/general/pdf/2818.pdf , may be of

Re: [ntp:questions] Legitimate Source Ports for NTP traffic?

2018-11-27 Thread Miroslav Lichvar
On Tue, Nov 20, 2018 at 11:19:24AM -0600, Jason Rabel wrote:
> In response to my own question I looked a little deeper into the odd
> traffic using tcpdump. Best I can tell they are indeed properly
> formatted NTP requests, the curious bit is seeing most of these
> requests having a precision of

Re: [ntp:questions] Legitimate Source Ports for NTP traffic?

2018-11-27 Thread Jason Rabel
In response to my own question I looked a little deeper into the odd traffic using tcpdump. Best I can tell they are indeed properly formatted NTP requests, the curious bit is seeing most of these requests having a precision of -6 or -7. While I know some older MS OS set their internal time update

[ntp:questions] Legitimate Source Ports for NTP traffic?

2018-11-19 Thread Jason Rabel
I was making some firewall changes and accidentally flip-flopped some settings briefly. While reviewing the firewall logs I noticed that there was some NTP traffic coming from various privileged ports (other than 123)... Literally like ports 1, 3, 5, 6, 7, and many others in the double & triple digit