[Pool] OT: how much traffic is too much? (was Re: From which IP addresses is going monitoring activity?)

lst_hoe02 at 79365-rhs.de lst_hoe02 at 79365-rhs.de
Fri Sep 23 07:50:33 UTC 2011

Quoting Vasil Kolev <vasil at ludost.net>:

> At 15:23 -0700 on 21.09.2011 (Wed), Chuck Swiger wrote:
>> >          5778            Banned
>> >          1902            Warning
>> >           411             Warning
>> >          406             Warning
>> [ ... ]
>> >           110             Warning
>> 110 queries per day is one every ~800 seconds.
>> That's not very different from the standard maxpoll of 10 aka every
>> 1024 seconds.  Only the first two entries ought to qualify as
>> potentially abusive.  The real problems aren't from someone polling
>> every 500 seconds, or even every minute-- it's the folks sending a
>> query every second because their config or firewall is busted.
> This might already be answered somewhere in a FAQ, but, why is even that
> too much? The NTP traffic I see never goes over 5-6 kbps, and the daemon
> should be able to handle at least 20 times more than that. So, is there
> a reason to ban anyone who isn't sending something like 100pps?

The only real abuser I have seen in the past year donating to the pool
was some IP address flooding ntp with around 500...1000pps. I have
noticed it because ntp was taking around 5%-8% CPU power all the time
on a small VPS. After blocking the offender it took another 1.2GB
dropped traffic until it stopped.

After that I used ipt_recent to block offenders trying more than 4pps.
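The cutoff mentioned in the message above, sketched as an added example that is not part of the original post and does not reproduce the poster's ipt_recent rules (they are not shown in the thread). It simulates a per-source limit of "more than 4 packets in one second" over constructed traffic; the addresses, rates, function names, and the choice to keep counting dropped packets toward the window are assumptions.

```python
from collections import defaultdict, deque

LIMIT = 4          # packets allowed per window (the "more than 4pps" cutoff)
WINDOW_MS = 1000   # window length in milliseconds

def classify(packets, limit=LIMIT, window_ms=WINDOW_MS):
    """packets: iterable of (timestamp_ms, src_ip). Returns per-source counters."""
    recent = defaultdict(lambda: deque(maxlen=limit))  # last `limit` arrivals per source
    stats = defaultdict(lambda: {"accepted": 0, "dropped": 0})
    for ts, src in sorted(packets):
        q = recent[src]
        # Forget arrivals that have aged out of the window.
        while q and ts - q[0] >= window_ms:
            q.popleft()
        # If `limit` arrivals are still inside the window, this one exceeds the rate.
        verdict = "dropped" if len(q) >= limit else "accepted"
        stats[src][verdict] += 1
        # Assumption: dropped packets also refresh the window, so a source
        # stays blocked for as long as it keeps flooding.
        q.append(ts)
    return dict(stats)

def constructed_traffic():
    """Constructed sample input (documentation addresses, not real clients)."""
    pkts = []
    # Well-behaved client at maxpoll 10: one query every 1024 s for a day.
    pkts += [(t, "192.0.2.10") for t in range(0, 86_400_000, 1_024_000)]
    # Misconfigured client: one query per second for a minute.
    pkts += [(t, "192.0.2.20") for t in range(0, 60_000, 1000)]
    # Flood at 500 pps for 10 seconds.
    pkts += [(t, "198.51.100.7") for t in range(0, 10_000, 2)]
    return pkts

def offenders(stats):
    """Sources that had at least one packet dropped."""
    return sorted(src for src, s in stats.items() if s["dropped"])

if __name__ == "__main__":
    result = classify(constructed_traffic())
    for src, s in sorted(result.items()):
        print(src, s)
    print("over limit:", offenders(result))
```

With these inputs only the 500 pps source crosses the limit; the once-per-second client discussed earlier in the thread is never dropped at this threshold.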



