[ntp:hackers] Cumulative Use Controls as a next addition for the LISTEN ON feature proposed.

tglassey tglassey at glassey.com
Sun Sep 20 18:50:30 UTC 2009


Dave Hart wrote:
> On Sun, Sep 20, 2009 at 6:30 PM, Todd Glassey wrote:
>   
>> The idea is that throttling is available with most networking models and
>> should be with NTP too. We should be able to set the maximum number of
>> requests a system uses from the service from within the reference port
>> model.  That would mean the addition of some type of uses-per-period
>> service and the control to integrate that into DROP or "SAY NO TO
>> BOOBOO" type controls.
>>     
>
> ntpd has rate controls and optional KoD responses already.
>
> http://www.eecis.udel.edu/~mills/ntp/html/accopt.html#discard
>   
Dave, I know about the ACLs and their limited use already. But there 
isn't a clean way to set this to a specific address or interface yet 
though. For instance, I may want to prevent any server on the Internet 
from connecting more than once a minute for a burst or single setting. 
That policy control isn't really possible with the general-purpose ACLs 
from the reference port.

What we need is:

    1)   The ability to set "rates" on a per-interface and/or IP-address 
basis. I want to be able to say "no client or peer on interface, 
address, or port blah can access the server more than X times per period" 
and have some method of specifying this period as well and set the 
responses when they do.

    2)   The ability to set both Positive and Negative States for each 
of these enablements as well as specifying ranges in addition to 
discrete values.



> Cheers,
> Dave Hart


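A sketch of the policy requested in the message above, added here as an illustration; it is not code from ntpd or from anyone in the thread. It models a first-match rule table keyed by interface and address range, with allow/deny states, a uses-per-period limit and a selectable response. The names `Rule`, `UseLimiter`, the rule fields, the default-deny fallback and the sample addresses are all assumptions.

```python
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                      # hypothetical rule shape, not ntpd syntax
    iface: Optional[str]         # None matches any interface
    net: str                     # address range in CIDR form
    allow: bool                  # positive (rate-limited) or negative (deny) state
    max_uses: int = 0            # "X times ..."
    period: float = 60.0         # "... per period", in seconds
    on_exceed: str = "DROP"      # response when the limit is hit: DROP or KOD

class UseLimiter:
    def __init__(self, rules):
        self.rules = [(r, ipaddress.ip_network(r.net)) for r in rules]
        self.history = defaultdict(deque)   # (iface, addr) -> served timestamps

    def check(self, iface, src, now):
        addr = ipaddress.ip_address(src)
        for rule, net in self.rules:        # first matching rule wins
            if rule.iface not in (None, iface) or addr not in net:
                continue
            if not rule.allow:
                return "DROP"
            served = self.history[(iface, addr)]
            while served and now - served[0] >= rule.period:
                served.popleft()            # forget uses outside the window
            if len(served) >= rule.max_uses:
                return rule.on_exceed       # refused requests are not counted
            served.append(now)
            return "SERVE"
        return "DROP"                       # assumption: no match means deny

# Constructed sample policy and traffic (documentation address ranges).
RULES = [
    Rule("eth0", "192.0.2.0/24", True, max_uses=1, period=60, on_exceed="KOD"),
    Rule(None, "198.51.100.0/24", False),
    Rule(None, "0.0.0.0/0", True, max_uses=1, period=60),   # once a minute
]
EVENTS = [(0, "eth0", "192.0.2.10"), (30, "eth0", "192.0.2.10"),
          (61, "eth0", "192.0.2.10"), (62, "eth1", "198.51.100.7"),
          (70, "eth1", "203.0.113.5"), (80, "eth1", "203.0.113.5")]

def demo():
    limiter = UseLimiter(RULES)
    return [limiter.check(iface, src, t) for t, iface, src in EVENTS]
```

The per-source table in this sketch grows without bound; because NTP runs over UDP and source addresses can be forged, a real implementation would need to cap or age out that state.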
