On Sep 20, 2007, at 9:58 AM, der Mouse wrote:

>> I have seen an increase in NTP requests from addresses in the
>> 10.0.0.* net in the past couple of weeks.
>
> These indicate that *someone* isn't doing proper ingress filtering;
> RFC1918-private addresses should not be hitting you from the outside.

I've been seeing this as well. They haven't been reaching my NTP server because they are stopped at my firewall.

> Since 10/8 is not globally routed, they have to be coming from your
> side of your upstream default-free zone, which probably means your own
> ISP.

Ah. I hadn't thought of that. I was entirely bewildered at how something like that could get so far. I hadn't realized that it might be coming from some place nearby.

>> Is this misconfigured networking on the client's end?
>
> Yes. Also badly misconfigured networking on your ISP's end.
>
>> Any chance of tracking these clients down and helping them out?
>
> Depends. If your ISP is competent, this is just an "uh..oops!" they
> should fix pronto once it's brought to their attention. If not, you
> may have trouble finding anyone who even understands the issue....

When I have a free three hours, I'm planning on calling Verizon just to get a more basic routing thing sorted out. I've got a static /29, but the gateway that I'm supposed to use is not within that space. That, of course, is not how things should be. My router/firewall, m0n0wall, is very strict about such things, so I've had to specify my network as a /25.

Considering that it took me two painful hours on the phone to get someone at Verizon to get the PTR records for my static range sorted out, I'm not looking forward to this routing issue.

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/

_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
