[ntp:questions] Behaved ... Limited ... KODed

Rob nomail at example.com
Sat Jun 8 08:52:31 UTC 2013

Doug Calvert <dfc-list at douglasfcalvert.net> wrote:
> Do I really have to send out a KoD every 2 seconds (guard time)? It seems
> that the clients that are the most misbehaved are not the ones that are going
> to honor the KoD packet. It is even worse if you set the guard time to allow
> ntpdate through, you will be sending out KoD packets every second. Twenty
> seconds and ten KoD packets later is it realistic to expect that the next KoD
> packet is going to be the one that finally makes the client stop? The ptti04a
> paper introducing KoDs mentions a university firewall with 2,000 misbehaving
> clients behind it. On a lot of campuses today that fw is going to be NATing
> those 2,000 clients. Whats the point of sending a packet every 2 seconds to the
> lucky lottery winner behind the firewall?

Aside from that, it appears that KoD is only implemented in the reference
implementation and that all other clients (both NTP and SNTP) either ignore
it or see it as an invalid response that they may work around by quickly
re-trying the query.  So if anything, KoD only makes things worse.

I would not (and do not) send any KoD at all!

More information about the questions mailing list