[Pool] From which IP addresses is going monitoring activity?
info at hws.ru
Wed Sep 14 15:29:04 UTC 2011
Thanks to all for a statistics examples.
It seems useful for correct the policy.
From: pool-bounces+info=hws.ru at lists.ntp.org
[mailto:pool-bounces+info=hws.ru at lists.ntp.org] On Behalf Of Mouse
Sent: Wednesday, September 14, 2011 7:22 PM
To: pool at lists.ntp.org
Subject: Re: [Pool] From which IP addresses is going monitoring activity?
[Top-posting and no-trimming damage repaird manually]
>>> I want to ban flooders, but i don't want to ban the monitor servers
>> If you ban the monitoring IPs your banning logic is being way too
> I asked for monitoring IPs for EXCLUDE them from auto-ban script :)
I think the point is that if you need to exclude the monitoring's IP
from getting auto-banned, then your auto-banning logic is being far too
aggressive. That is, that the level of traffic from the monitoring
will not trip any reasonable level of flood detection.
Indeed, based on the data I see from the monitoring system for my own
server's IP, the monitoring servers check me somewhere between 50 and
53 times per day (v4) or either 93 or 94 times per day (v6). Normal
NTP client use starts at one query every 64 seconds (1350 per day) and
ratchets back, eventually reaching 1024 seconds (84.375 per day); even
94 times per day is well within this range. Ban the monitoring system
for flooding and you will also ban a substantial fraction of legitimate
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
pool mailing list
pool at lists.ntp.org
More information about the pool