[ntp:questions] Re: Question on abusive clients.

Danny Mayer mayer at ntp.isc.org
Fri Dec 30 14:22:43 UTC 2005


Brian T. Brunner wrote:
> After reading, I wondered: It appears that the timestamp field is 
> present in the KoD packet, would it be possible to track which IP has 
> been given the KoD, and the timestamp of when that was decided, 
> then  when another packet comes in, fill the timestamp field with the 
> time the KoD was decided?
> 
> Cost: 64 bits per system that has been KoD'd, a reply to each KoD packet.
> 
> Effect: system that has been KoD'd sees the time holding still, making
> the server a false-ticker to that client almost instantly.
> 
> Assumption on my part: false-tickers get labeled as such by the client that 
> has concluded the fact, then that client subsequently leaves that server alone.
> 
> 
> Brian Brunner
> brian.t.brunner at gai-tronics.com
> (610)796-5838
> 
> 
That might be a bad idea. Main cost is memory. You'd want a counter and
a start and last sent time in there as well so you can get an idea how
badly the client is behaving.

Dannny



More information about the questions mailing list