NTP storm between KP125 and UniFi USG
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Greetings,
I'm seeing a massive amount of traffic (2000 packets per second, per device) between my KP125 smart plugs and my UniFi USG gateway's NTP daemon.
My DHCP server provides the ntp-server option, the gateway is running ntpd "NTP daemon program - Ver. 4.2.6p2".
Luckily my time server is local, according to my UniFi Controller they have used slightly more than 70GB of data! I fear that some of your other customers are not so lucky and have unexplained data use they're paying for.
I have packet dumps available upon request, the KP115 do not appear to have the same bug.
Request
Frame 1553: 90 bytes on wire (720 bits), 90 bytes captured (720 bits)
Ethernet II, Src: b0:a7:b9:64:d2:8e (b0:a7:b9:64:d2:8e), Dst: Ubiquiti_47:78:91 (fc:ec:da:47:78:91)
Internet Protocol Version 4, Src: 192.168.1.145, Dst: 192.168.1.1
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 76
Identification: 0x3edf (16095)
Flags: 0x0000
Time to live: 255
Protocol: UDP (17)
Header checksum: 0xf8de [validation disabled]
[Header checksum status: Unverified]
Source: 192.168.1.145
Destination: 192.168.1.1
User Datagram Protocol, Src Port: 49210, Dst Port: 123
Source Port: 49210
Destination Port: 123
Length: 56
Checksum: 0x97e5 [unverified]
[Checksum Status: Unverified]
[Stream index: 3]
[Timestamps]
Network Time Protocol (NTP Version 4, client)
Flags: 0x23, Leap Indicator: no warning, Version number: NTP Version 4, Mode: client
[Response In: 1556]
Peer Clock Stratum: unspecified or invalid (0)
Peer Polling Interval: invalid (0)
Peer Clock Precision: 1.000000 seconds
Root Delay: 0.000000 seconds
Root Dispersion: 0.000000 seconds
Reference ID: NULL
Reference Timestamp: Feb 7, 2036 06:28:16.000000000 UTC
Origin Timestamp: Feb 7, 2036 06:28:16.000000000 UTC
Receive Timestamp: Feb 7, 2036 06:28:16.000000000 UTC
Transmit Timestamp: Feb 7, 2036 06:28:16.000000000 UTC
Response
Frame 1556: 90 bytes on wire (720 bits), 90 bytes captured (720 bits)
Ethernet II, Src: Ubiquiti_47:78:91 (fc:ec:da:47:78:91), Dst: b0:a7:b9:64:d2:8e (b0:a7:b9:64:d2:8e)
Internet Protocol Version 4, Src: 192.168.1.1, Dst: 192.168.1.145
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT)
Total Length: 76
Identification: 0xd572 (54642)
Flags: 0x4000, Don't fragment
Time to live: 64
Protocol: UDP (17)
Header checksum: 0xe08b [validation disabled]
[Header checksum status: Unverified]
Source: 192.168.1.1
Destination: 192.168.1.145
User Datagram Protocol, Src Port: 123, Dst Port: 49210
Source Port: 123
Destination Port: 49210
Length: 56
Checksum: 0xfd25 [unverified]
[Checksum Status: Unverified]
[Stream index: 3]
[Timestamps]
Network Time Protocol (NTP Version 4, server)
Flags: 0xe4, Leap Indicator: unknown (clock unsynchronized), Version number: NTP Version 4, Mode: server
[Request In: 1553]
[Delta Time: 0.000758000 seconds]
Peer Clock Stratum: unspecified or invalid (0)
Peer Polling Interval: invalid (3)
Peer Clock Precision: 0.000061 seconds
Root Delay: 0.000000 seconds
Root Dispersion: 0.002563 seconds
Reference ID: (Initialization)
Reference Timestamp: Feb 7, 2036 06:28:16.000000000 UTC
Origin Timestamp: Feb 7, 2036 06:28:16.000000000 UTC
Receive Timestamp: Dec 21, 2021 09:08:39.093851928 UTC
Transmit Timestamp: Dec 21, 2021 09:08:39.094442915 UTC
