[Pool] OT: how much traffic is too much? (was Re: From which IP addresses is going monitoring activity?)

lst_hoe02 at 79365-rhs.de lst_hoe02 at 79365-rhs.de
Fri Sep 23 07:50:33 UTC 2011


Zitat von Vasil Kolev <vasil at ludost.net>:

> ? 15:23 -0700 ?? 21.09.2011 (??), Chuck Swiger ??????:
>> > 217.112.22.131          5778            Banned
>> > 92.127.155.117          1902            Warning
>> > 91.204.179.75           411             Warning
>> > 93.185.151.139          406             Warning
>>
>> [ ... ]
>> > 89.185.66.122           110             Warning
>>
>> 110 queries per day is one every ~800 seconds.
>>
>> That's not very different from the standard maxpoll of 10 aka every
>> 1024 seconds.  Only the first two entries ought to qualify as
>> potentially abusive.  The real problems aren't from someone polling
>> every 500 seconds, or even every minute-- it's the folks sending a
>> query every second because their config or firewall is busted.
>
>
> This might already be answered somewhere in a FAQ, but, why is even that
> too much? The NTP traffic I see never goes over 5-6 kbps, and the daemon
> should be able to handle at least 20 times more than that. So, is there
> a reason to ban anyone who isn't sending something like 100pps?

The only real abuser i have seen in the past year donating to the pool  
was some IP address flooding ntp with around 500...1000pps. I have  
noticed it because ntp was taking around 5%-8% CPU power all the time  
on a small VPS. After blocking the offender it took an other 1.2GB  
dropped traffic until it stopped.

After that i used ipt_recent to block offenders trying more than 4pps.

Regards

Andreas




More information about the pool mailing list