While I do not profess to know the cause of your particular NTP sync problem, this *might* be due to knee-jerk reactions to the NTP reflection/amplification DDoS attacks that have been quite an annoyance and operational issue lately.

I suspect that some operators have found that perhaps they harbored some devices inside their own networks that are being used (or might be used) to facilitate these attacks:

https://www.us-cert.gov/ncas/current-activity/2014/01/10/Network-Time-Protoc...

See also: http://openntpproject.org/

- ferg

On 2/1/2014 8:03 PM, Jonathan Towne wrote:
This evening all of my servers lost NTP sync, stating that our on-site NTP servers hadn't synced in too long.
Reference time noted by the local NTP servers: Fri, Jan 31 2014 19:11:29.725
Apparently since then, NTP has been unable to traverse the circuit. Our other provider is shuffling NTP packets just fine, and after finding an NTP peer that return routed in that direction, I was able to get NTP back in shape.
Spot checking various NTP peers configured on my end with various looking glasses close to the far-end confirms that anytime the return route is through AS11351, we never get the responses. Outbound routes almost always take the shorter route through our other provider.
Is anyone else seeing this, or am I lucky enough to have it localized to my region (Northern NY)?
I've created a ticket with the provider, although with it being the weekend, I have doubts it'll be a quick resolution. I'm sure it's a strange knee-jerk response to the monlist garbage. Still, stopping time without warning is Uncool, Man.
-- Jonathan Towne
--
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2