[ntp:questions] Re: Question on abusive clients.
Richard B. Gilbert
rgilbert88 at comcast.net
Fri Dec 23 04:10:03 UTC 2005
David L. Mills wrote:
> There are copious examples of that happening right now on the NIST and
> USNO servers. What would you suggest we do to stop it? See the paper
> Mills, D.L., J. Levine, R. Schmidt and D. Plonka. Coping with overload
> on the Network Time Protocol public servers. Proc. Precision Time and
> Time Interval (PTTI) Applications and Planning Meeting (Washington DC,
> December 2004), 5-16.
> Full text is at www.eecis.udel.edu/~mills/papers.html.
I read the referenced paper with great interest. I noticed that little
attention was paid to the idea of tracking down perpetrators and taking
actions ranging from asking the perpetrator to cease and desist to
asking the courts to intervene. There was an exchange of messages on
this newsgroup a few months ago on this topic. A system administrator
at HP's (formerly Digital's) Western Research Laboratory complained the
his NTP server was being beaten up by clients sending requests at a rate
of 1 PPS. The clients appeared to all be served by a single ISP. He
was not interested in spending the small amount of time required to
identify the IP addresses of the perpetrators and to ask the ISP to shut
them down. There was no reply to my suggestion that since this was a
Denial of Service attack he should request assistance from his legal
The reference implementation of ntpd contributes to the deluge in a
small way! Running a Motorola Oncore as a reference clock causes my
home server to query its internet servers every 16 seconds. It's
nothing I would do by choice; they serve only as a sanity check on my
Oncore reference clock There does not appear to be any way of turning
this feature off short of modifying the code.
More information about the questions