Mostly out of curiosity, what was the reason for the change in the Snapchat code, and what plans does Snap have for whatever reason the NTP change was put in place? Beckman On Tue, 20 Dec 2016, Jad Boutros via NANOG wrote:
Immediately after being notified that our latest iOS release was causing problems with NTP traffic, we started working to disable the offending code in v9.45. We submitted a new mobile release to the Apple App Store earlier this morning for their review, which should disable these NTP requests. We are hoping Apple will be able to review this release in time before the holiday break, and we have stressed its urgency. When the release does get approved, we should very quickly begin to see a decrease in NTP traffic from our app as users start upgrading to the new release.
We deeply regret this situation, and we will post an update here once we hear back from Apple. We are also open to any suggestions on how we can help with the present traffic.
On Mon, Dec 19, 2016 at 9:27 PM, Jad Boutros <jad@snap.com> wrote:
We - at Snap - were forwarded this thread just a few hours ago and are investigating. Please email me should you still be looking for a contact for Snapchat.
Thank you, Jad
On Mon, Dec 19, 2016 at 9:18 PM, Laurent Dumont <admin@coldnorthadmin.com> wrote:
If anything comes from this, I'd love to hear about it. As a student in the field, this is the kind of stuff I live for! ;)
Pretty awesome to see the chain of events after seeing a post on the [pool] list!
Laurent
On 12/19/2016 05:12 PM, Justin Paine via NANOG wrote:
replying off list.
____________ Justin Paine Head of Trust & Safety Cloudflare Inc. PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D
On Mon, Dec 19, 2016 at 1:49 PM, Dan Drown <dan-nanog@drown.org> wrote:
Quoting David <opendak@shaw.ca>:
On 2016-12-19 1:55 PM, Jan Tore Morken wrote:
> On Mon, Dec 19, 2016 at 01:32:50PM -0700, David wrote: > >> I found devices doing lookups for all of these at the same time >> >> {0,0.uk,0.us,asia,europe,north-america,south-america,oceania >> ,africa}.pool.ntp.org >> and then it proceeds to use everything returned, which explains why >> everyone is seeing an increase. >> > > Thanks, David. That perfectly matches the list of servers used by > older versions of the ios-ntp library[1][2], which would point toward > some iPhone app being the source of the traffic. > > [1] > https://github.com/jbenet/ios-ntp/blob/d5eade6a99041094f12f0 > c976dd4aaeed37e0564/ios-ntp-rez/ntp.hosts > [2] > https://github.com/jbenet/ios-ntp/blob/5cc3b6e437a6422dcee9d > ec9da5183e283eff9f2/ios-ntp-lib/NetworkClock.m#L122 > > That would make sense - I see a lot of iCloud related lookups from these hosts as well.
Also, app.snapchat.com generally seems to follow just after the NTP pool DNS lookups. I don't have an iPhone to test that though.
Confirmed - starting up the iOS Snapchat app does a lookup to the domains you listed, and then sends NTP to every unique IP. Around 35-60 different IPs.
Anyone have a contact at Snapchat?
--------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------