[ntp:hackers] Profiling abusive clients

David L. Mills mills at udel.edu
Wed Nov 21 16:26:22 GMT 2007


Mathias,

I don't think you understand. There is no limit to N; if any client 
exceeds the rate limit, that client is either dropped or results in KoD. 
Formerly, the problem was that too many clients clogged the MRU list, 
which with 600 entries the oldest entry was only 16 seconds. The scheme 
now includes a probabilistic criterion that can either discard a new 
entry or displace an existing one, depending on the size of the MRU 
list. This is not a problem with pogo, but it is with USNO and NIST 
servers. Last I heard from USNO, about ten percent of all packets were 
tagged to be dropped.

Dave

Matthias Urlichs wrote:

> Hi,
>
> Poul-Henning Kamp:
>
>> And ruin your timekeeping performance with varying firewall delays ?
>>
> So limit the number of blocked clients to N, and add N dummy entries to
> the list when you start it all up.
>
> Besides, if the KoD-ignoring bugger really abuses you, that's going to
> introduce much more delay and variation into your main path than a
> handful of simple firewall rules.
>
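The mechanism Dave describes above, modelled as an added Python illustration (it is not code from this thread or from ntpd): a fixed-size MRU list of recently seen clients, a per-client rate limit whose violations are either silently dropped or answered with a KoD, and a probabilistic rule that decides whether a newcomer is discarded or displaces the oldest entry depending on how full the list is. The parameter names, the thresholds (soft_cap, hard_cap, p_floor, min_interval, kod_after) and the linear admission formula are assumptions made for the example; the 600-entry list and the 16-second figure come from the message.

```python
"""Toy model of an NTP server's MRU (most-recently-used) client list with a
per-client rate limit and probabilistic admission of newcomers.

Added illustration only: parameter names, thresholds and the admission
formula are assumptions, not ntpd's implementation.
"""
import random
from collections import OrderedDict


class MruRateLimiter:
    def __init__(self, soft_cap=300, hard_cap=600, p_floor=0.2,
                 min_interval=2.0, kod_after=3, seed=0):
        self.soft_cap = soft_cap          # below this, every newcomer is remembered (assumed)
        self.hard_cap = hard_cap          # the 600-entry list from the thread
        self.p_floor = p_floor            # admission probability once the list is full (assumed)
        self.min_interval = min_interval  # seconds; faster polling counts as abuse (assumed)
        self.kod_after = kod_after        # consecutive violations before a KoD is sent (assumed)
        self.rng = random.Random(seed)    # seeded so runs are reproducible
        self.mru = OrderedDict()          # addr -> entry; last item is the most recently seen
        self.discarded = 0                # newcomers served but not remembered
        self.displaced = 0                # old entries pushed out by admitted newcomers

    def handle(self, addr, now):
        """Classify one packet from addr at time now: 'serve', 'drop' (silent) or 'kod'."""
        entry = self.mru.get(addr)
        if entry is None:
            self._admit(addr, now)
            return "serve"
        self.mru.move_to_end(addr)
        interval = now - entry["last"]
        entry["last"] = now
        if interval < self.min_interval:
            entry["hits"] += 1
            return "kod" if entry["hits"] >= self.kod_after else "drop"
        entry["hits"] = 0  # well-behaved again; forgive earlier violations
        return "serve"

    def _admit(self, addr, now):
        size = len(self.mru)
        if size < self.soft_cap:
            p = 1.0
        else:
            # Assumed criterion: admission probability falls linearly from 1.0 at
            # soft_cap to p_floor at hard_cap, so a flood of one-off clients cannot
            # flush the whole list (and its abuse history) within a few seconds.
            frac = min(1.0, (size - self.soft_cap) / max(1, self.hard_cap - self.soft_cap))
            p = 1.0 - (1.0 - self.p_floor) * frac
        if self.rng.random() >= p:
            self.discarded += 1           # still answered, just not tracked
            return
        if size >= self.hard_cap:
            self.mru.popitem(last=False)  # displace the least recently seen client
            self.displaced += 1
        self.mru[addr] = {"last": now, "hits": 0}

    def oldest_age(self, now):
        """Seconds since the least recently seen tracked client was heard from."""
        if not self.mru:
            return 0.0
        return now - next(iter(self.mru.values()))["last"]


def churn(limiter, newcomers_per_second, seconds):
    """Feed distinct clients at a steady rate; return the oldest entry's age at the end."""
    dt = 1.0 / newcomers_per_second
    n = int(seconds * newcomers_per_second)
    now = 0.0
    for i in range(n):
        now = i * dt
        limiter.handle("10.0.%d.%d" % (i // 256 % 256, i % 256), now)  # constructed addresses
    return limiter.oldest_age(now)


if __name__ == "__main__":
    naive = MruRateLimiter(soft_cap=600, hard_cap=600, p_floor=1.0)
    print("always displace, 37.5 new clients/s: oldest entry %.1f s old" % churn(naive, 37.5, 60))
    tuned = MruRateLimiter(soft_cap=300, hard_cap=600, p_floor=0.2)
    print("probabilistic admission:            oldest entry %.1f s old" % churn(tuned, 37.5, 60))
```

With always-displace behaviour and 37.5 new addresses per second, the 600-entry list turns over so fast that its oldest entry is only about 16 seconds old, which is the condition the message complains about; with the probabilistic admission rule the same flood leaves the oldest entries in place for most of the run, so a persistent abuser's hit count survives long enough to trigger a drop or KoD.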
