NTP client entries created for ICMP ping traffic

[srob1]

No NTP clients were configured to use the NTP200 as a time server. However, I have a domotz network monitoring device (see https://www.domotz.com/) on my network that polls devices on the network. It sent an ICMP ping to the NTP200 and ended up being listed in the NTP Clients table.

The NTP clients table should be limited to sources of NTP traffic.

[dave4445]

Client list is based on rx to udp port 123, you sure that software isn't also sending ntp tests? Icmp alone will not cause addition to client list.

[srob1]

Sorry, I assumed the entries were due to icmp ping traffic, because I thought that was the only traffic the domotz box would originate to discover devices. I didn't think they were doing port scans. I will ask domotz (assuming they are willing to say) why they might be generating traffic to the device on udp port 123. Perhaps there is some sort of ntp server discovery mechanism they might be utilizing that would cause them to use the NTP200 as an ntp server without being told to do so explicitly?

[srob1]

I've submitted a support ticket to domotz asking about this behavior, and will update this issue when I receive a response.

[srob1]

The domotz box is in fact generating ntp traffic to the NTP200 and I sincerely apologize for opening this issue before verifying what was actually going on. You should close it (or better yet remove it completely if that's possible).

from Domotz:

The Domotz Box is generating that traffic because it is using that local NTP server to check/update its date and time.

It will first try to locate and use any local NTP server, which it has done in your case, before it defaults to using our date and time service from the Domotz Cloud.

I've told them I think this is an undesirable behavior for a device that is configured as a DHCP client given that the DHCP server is explicitly providing them NTP server addresses to use.