[ntp:questions] Re: NTP Server abuse
brad at stop.mail-abuse.org
Thu Dec 2 01:37:37 UTC 2004
At 8:32 AM -0500 2004-12-01, mayer at gis.net wrote:
> That would shut out just about eveeryone since the standard startup
> interval is 64 seconds, but lets assume we make that suitable
The point is that we can easily characterize the behaviour of
proper clients, determine fudge factor, and then say that anyone
beyond the fudge factor is an abuser. The algorithms for proper
behaviour are well known, and the samples would be taken over a long
enough period of time to account for higher traffic during startup.
> Nothing. We still have plenty of NTP V3 clients/servers out there.
> With pool moved to SRV, they don't get the benefit of the pool.
You'll have to talk to Adrian, but I don't think that
pool.ntp.org is likely to move to SRV until you've got much better
than 50% penetration of SRV-aware ntpd implementations out there.
> NTP V4 supports KOD. The people running the pool can demand that anyone
> who wants to use it obeys the rules or they won't get service.
They do that already. They still get buried.
The issue is what can/should you do to try to protect yourself
against existing code already out there, and any new dain-bramaged
implementations that may come along.
> Couple of years if we don't get more programming talent to help
> define the architecture, lay out the implementation, and get things
In the meanwhile, we have operational problems that we need to address.
> The pool servers should be running the latest code as far as is
> possible and they should drop abusive (too frequent) clients.
Already being done. We need to do more. Some servers have
already dropped out because they were getting excessive packet rates
of queries from clients that were ignoring the KOD response, etc....
We need to figure out what else we can do with the existing code
and the existing clients.
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the questions