[ntp:hackers] Profiling abusive clients
David L. Mills
mills at udel.edu
Wed Nov 21 16:09:48 GMT 2007
Matthias,
AShould you care to contribute such a treasure, donations would be
happily accepted. However, the KoD is optional; the normal behavior is
simply to drop the packets, which is the same behavior as you suggest.
Dave
Matthias Urlichs wrote:
> Hi,
>
> David L. Mills:
>
>> The latest code will return KoDs in either of these cases. The
>> interesting thing is that, if the KoDs are simply ignored, the abuser
>> will continue to have success, even if the majority of packets are
>> dropped or result in KoDs.
>
>
> Pipe the IP addresses of KoD destinations to an external program which
> remembers them for some time, and adds packetfilter rules that block
> them?
>
More information about the hackers
mailing list