[ntp:questions] Re: Can you test my server please.

Brad Knowles brad at stop.mail-abuse.org
Wed Nov 24 10:29:05 UTC 2004


At 11:21 AM +0100 2004-11-24, Folkert van Heusden wrote:

>  What about adding some throtteling(?) code to the ntp-daemon which makes
>  it stop answering requests when more then x requests per y come in?
>  Shouldn't be too difficult to code I guess.

	I can't say for certain, but I suspect that's not going to work 
too well.  These clients are abusive enough when they are getting 
answers -- when they stop getting answers, or get only KOD, etc..., 
that's when they crank up to truly abusive things like sending us one 
query per second, etc....

	Do that across enough sending machines, and the load to simply 
refuse the packets gets high enough that many of the pool operators 
will drop out.  That is, if they have any bandwidth left and are 
capable of sending out an e-mail asking that they be dropped.


	We need to find a way to send back to these abusive clients 
something that they recognize as an "answer", but which is so far out 
of whack for them that they hopefully decide to go away instead of 
continuing to bother us.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.



More information about the questions mailing list