[ntp:questions] Re: Question on abusive clients.

Brian T. Brunner brian.t.brunner at gai-tronics.com
Fri Dec 30 14:43:28 UTC 2005


The counter you speak of is necessary to determine to issue the KoD 
anyhow, yes?  After then you need only the IP, the time of the KoD,
and cycles spent searching this list.  Probably need a hash table too.

What I'm reading between the various posts is that the abusive clients 
can't be expected to behave to any known rules, so feeding them good 
time, bad time, or fixed time is equally unproductive... they continue to 
hammer the server.

Solution: put the time servers behind a packet-dropping firewall,
as has been suggested by others, so I'm out of helpful ideas for this thread.

Brian Brunner
brian.t.brunner at gai-tronics.com
(610)796-5838

>>> Danny Mayer <mayer at ntp.isc.org> 12/30/05 09:22AM >>>
Brian T. Brunner wrote:
> After reading, I wondered: It appears that the timestamp field is 
> present in the KoD packet, would it be possible to track which IP has 
> been given the KoD, and the timestamp of when that was decided, 
> then  when another packet comes in, fill the timestamp field with the 
> time the KoD was decided?
> 
> Cost: 64 bits per system that has been KoD'd, a reply to each KoD packet.
> 
> Effect: system that has been KoD'd sees the time holding still, making
> the server a false-ticker to that client almost instantly.
> 
> Assumption on my part: false-tickers get labeled as such by the client that 
> has concluded the fact, then that client subsequently leaves that server alone.
> 
That might be a bad idea. Main cost is memory. You'd want a counter and
a start and last sent time in there as well so you can get an idea how
badly the client is behaving.

Dannny

*******************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept
for the presence of computer viruses.

www.hubbell.com - Hubbell Incorporated



More information about the questions mailing list