[ntp:questions] Re: Question on abusive clients.
Danny Mayer
mayer at ntp.isc.org
Fri Dec 30 14:22:43 UTC 2005
Brian T. Brunner wrote:
> After reading, I wondered: It appears that the timestamp field is
> present in the KoD packet, would it be possible to track which IP has
> been given the KoD, and the timestamp of when that was decided,
> then when another packet comes in, fill the timestamp field with the
> time the KoD was decided?
>
> Cost: 64 bits per system that has been KoD'd, a reply to each KoD packet.
>
> Effect: system that has been KoD'd sees the time holding still, making
> the server a false-ticker to that client almost instantly.
>
> Assumption on my part: false-tickers get labeled as such by the client that
> has concluded the fact, then that client subsequently leaves that server alone.
>
>
> Brian Brunner
> brian.t.brunner at gai-tronics.com
> (610)796-5838
>
>
That might be a bad idea. Main cost is memory. You'd want a counter and
a start and last sent time in there as well so you can get an idea how
badly the client is behaving.
Dannny
More information about the questions
mailing list