| Re: [chrony-users] NTS dropped packets |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] NTS dropped packets
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Tue, 1 Dec 2020 08:42:50 +0100
- Authentication-results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@xxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1606808580; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ZIxx/TjUKHTQ8mSu/X5q3xWX6oAQz4HT31Rx1DVQiEM=; b=W5hCT/KFsV2QwgVzTpg4SkUIoyghGjMRZHK4J6LxV4P5rRSsfwZOROVpwr1YA1sEBwd/BB CV/JDl5vqfGtrAE4qI/wwh7bR991wAycY/OOBDcmMjnbbE1oiTcb4ha+cK9BwWhQ2C0GT3 D+ITc6JD23dR5aAOxiiPbdl7XRe41W4=
On Mon, Nov 30, 2020 at 07:22:47PM +0100, Kurt Roeckx wrote:
> Hi,
>
> I'm seeing dropped packets when talking to an NTS enabled server.
> But I'm only seeing it on my home network, not on my server in the
> datacenter. I currently see this using ptbnts1.ptb.de. I think I
> had the same problem with nts.ntp.se, but it seems I changed from
> an IPv4 address to an IPv6 address there and don't see the issue
> since.
Some major network operators are blocking or rate limiting NTP packets
as a mitigation against the ntpd mode-6 amplification attacks. In some
networks it specifically applies to longer NTP packets. There is not
much we can do except move to a different port, as proposed in the
alternative-port draft.
--
Miroslav Lichvar
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.