Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

Every little picofarad has a nanohenry all its own. -- Don Vonada

devel / comp.protocols.time.ntp / Unknown peer listed in ntpq -p output

SubjectAuthor
* Unknown peer listed in ntpq -p outputA C
`- Re: Unknown peer listed in ntpq -p outputMiroslav Lichvar

1
Unknown peer listed in ntpq -p output

<d80706b3-9ddb-4e7f-88d6-09f92446f0d6n@googlegroups.com>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=302&group=comp.protocols.time.ntp#302

  copy link   Newsgroups: comp.protocols.time.ntp
X-Received: by 2002:a05:6214:625:b0:441:1578:620b with SMTP id a5-20020a056214062500b004411578620bmr4499082qvx.126.1650651030490;
Fri, 22 Apr 2022 11:10:30 -0700 (PDT)
X-Received: by 2002:a05:6808:1289:b0:322:9e57:9e92 with SMTP id
a9-20020a056808128900b003229e579e92mr2826635oiw.155.1650651030244; Fri, 22
Apr 2022 11:10:30 -0700 (PDT)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.protocols.time.ntp
Date: Fri, 22 Apr 2022 11:10:30 -0700 (PDT)
Injection-Info: google-groups.googlegroups.com; posting-host=204.237.88.141; posting-account=12KkpAoAAACBK3B-0mT2yO7ahu5217nj
NNTP-Posting-Host: 204.237.88.141
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <d80706b3-9ddb-4e7f-88d6-09f92446f0d6n@googlegroups.com>
Subject: Unknown peer listed in ntpq -p output
From: 4433258@gmail.com (A C)
Injection-Date: Fri, 22 Apr 2022 18:10:30 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 34
 by: A C - Fri, 22 Apr 2022 18:10 UTC

Hello,

Recently I was looking at the output of the ntpq -np command on a stratum 2 server I manage and noticed an IP I did not recognized in the output. (The 3 usual stratum 1s were there, but then a fourth one (a stratum 3) was also listed.) That fourth entry is listed as a stratum 3, and the associations details show that it is using NTP authentication, so I assume this is a legitimate client that is using a symmetric key to authenticate with my NTP server.

I double checked my /etc/ntp.conf and indeed this IP is not in the NTP configuration file, and appears in the ntpq output some time after the ntpd is restarted.

My ntp stratum 2 server is configured with the "restrict default nomodify notrap nopeer noquery" so I assume that external clients cannot add servers to the list using tools such as ntpq/ntpdc.

Is there any other method that someone could use to modify the list of peers that my ntpq command reports (maybe undocumented)?
If a client is using symetric key authentication with my server, would this change the restrictions in any way, possibly allowing that client to make modifications to my running ntpd?

I'm not sure what else I should do at this point in order to troubleshoot this... :-(

I'm running ntpd 4.2.6p5, on CentOS 7.9.2009

Thanks,
Andre

Thanks,
Andre

Re: Unknown peer listed in ntpq -p output

<t45jh3$ei$1@gioia.aioe.org>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=303&group=comp.protocols.time.ntp#303

  copy link   Newsgroups: comp.protocols.time.ntp
Path: i2pn2.org!i2pn.org!aioe.org!wqF6YW3b7B3ExDozbCCFcA.user.46.165.242.75.POSTED!not-for-mail
From: mlichvar@redhat.com (Miroslav Lichvar)
Newsgroups: comp.protocols.time.ntp
Subject: Re: Unknown peer listed in ntpq -p output
Date: Mon, 25 Apr 2022 07:44:35 -0000 (UTC)
Organization: Aioe.org NNTP Server
Message-ID: <t45jh3$ei$1@gioia.aioe.org>
References: <d80706b3-9ddb-4e7f-88d6-09f92446f0d6n@googlegroups.com>
Injection-Info: gioia.aioe.org; logging-data="466"; posting-host="wqF6YW3b7B3ExDozbCCFcA.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: slrn/1.0.3 (Linux)
X-Notice: Filtered by postfilter v. 0.9.2
 by: Miroslav Lichvar - Mon, 25 Apr 2022 07:44 UTC

On 2022-04-22, A C <4433258@gmail.com> wrote:
> Recently I was looking at the output of the ntpq -np command on a
> stratum 2 server I manage and noticed an IP I did not recognized in
> the output. (The 3 usual stratum 1s were there, but then a fourth one
> (a stratum 3) was also listed.) That fourth entry is listed as a
> stratum 3, and the associations details show that it is using NTP
> authentication, so I assume this is a legitimate client that is using
> a symmetric key to authenticate with my NTP server.

> My ntp stratum 2 server is configured with the "restrict default
> nomodify notrap nopeer noquery" so I assume that external clients
> cannot add servers to the list using tools such as ntpq/ntpdc.

If they have a valid key, they can create symmetric associations
with your server by specifying your server as a peer in their config.

You would need to have the "noepeer" option in the restrictions to
prevent that, but this option is not supported in the ntp package you
are using.

--
Miroslav Lichvar

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor