[ntp:hackers] Profiling abusive clients

David L. Mills mills at udel.edu
Wed Nov 21 16:09:48 GMT 2007


Matthias,

AShould you care to contribute such a treasure, donations would be 
happily accepted. However, the KoD is optional; the normal behavior is 
simply to drop the packets, which is the same behavior as you suggest.

Dave

Matthias Urlichs wrote:

> Hi,
>
> David L. Mills:
>
>> The latest code will return KoDs in either of these cases. The
>> interesting thing is that, if the KoDs are simply ignored, the abuser
>> will continue to have success, even if the majority of packets are
>> dropped or result in KoDs.
>
>
> Pipe the IP addresses of KoD destinations to an external program which
> remembers them for some time, and adds packetfilter rules that block
> them?
>



More information about the hackers mailing list