[ntp:questions] Re: Question on abusive clients.

Danny Mayer mayer at ntp.isc.org
Sun Jan 1 04:13:55 UTC 2006


Brian T. Brunner wrote:
> The counter you speak of is necessary to determine to issue the KoD 
> anyhow, yes?  After then you need only the IP, the time of the KoD,
> and cycles spent searching this list.  Probably need a hash table too.
> 
> What I'm reading between the various posts is that the abusive clients 
> can't be expected to behave to any known rules, so feeding them good 
> time, bad time, or fixed time is equally unproductive... they continue to 
> hammer the server.
> 
> Solution: put the time servers behind a packet-dropping firewall,
> as has been suggested by others, so I'm out of helpful ideas for this thread.
> 
> Brian Brunner
> brian.t.brunner at gai-tronics.com
> (610)796-5838
> 
No, you want to have a counter to see how badly it's hammering away at
your server, not just to decide when to send a KOD packet. You want to
use this data to decide which ones are the most abusive so you can
concentrate on them first.

Danny



More information about the questions mailing list