[Pool] Server Abuse

Kasper Pedersen timekeepers at kasperkp.dk
Sun Apr 5 12:01:25 UTC 2015


On 04/05/2015 09:02 AM, Michael Meier wrote:
> On 04/04/2015 10:26 PM, Miguel Barbosa Gonçalves wrote:

> Now for something related: We've seen a big increase in clients/requests
> on all our pool servers since Friday, March 13th - is anyone else seing
> this?
> 

Denmark: Nothing to see here. Here is roughly a year of traffic:

http://n1.taur.dk/clock/packets2.png

I think the 'August event' is when I replaced the router and upped the
bandwidth to 1Gbps. But, nothing special this month.

In the plot, the green abuse line is the number of requests that go
unanswered, mostly monlist and such. This is purely a 'protect other
people' thing, carrier nat boxes are fine, clients are not required to
have unique public routable addresses, polling a bit fast is fine, but
if you spray me with 30kpps*, I will not send 30k replies to the
probably spoofed source address.


As to carrier NAT boxes, setting up a few NTP servers on the inside does
not affect pool traffic.
The only thing that would affect pool traffic is if the provider also
starts spoofing DNS responses from the pool, or spoofing responses.
Let's not go there, please.


/Kasper Pedersen

*Yes, this has happened more than once.


More information about the pool mailing list