[ntp:questions] Re: Question on abusive clients.

Richard B. Gilbert rgilbert88 at comcast.net
Fri Dec 23 04:10:03 UTC 2005

David L. Mills wrote:

> David,
> There are copious examples of that happening right now on the NIST and 
> USNO servers. What would you suggest we do to stop it? See the paper
> Mills, D.L., J. Levine, R. Schmidt and D. Plonka. Coping with overload 
> on the Network Time Protocol public servers. Proc. Precision Time and 
> Time Interval (PTTI) Applications and Planning Meeting (Washington DC, 
> December 2004), 5-16.
> Full text is at www.eecis.udel.edu/~mills/papers.html.
> Dave
I read the referenced paper with great interest.  I noticed that little 
attention was paid to the idea of tracking down perpetrators and taking 
actions ranging from asking the perpetrator to cease and desist to 
asking the courts to intervene.  There was an exchange of messages on 
this newsgroup a few months ago on this topic.   A system administrator 
at HP's (formerly Digital's) Western Research Laboratory complained the 
his NTP server was being beaten up by clients sending requests at a rate 
of 1 PPS.  The clients appeared to all be served by a single ISP.   He 
was not interested in spending the small amount of time required to 
identify the IP addresses of the perpetrators and to ask the ISP to shut 
them down.  There was no reply to my suggestion that since this was a 
Denial of Service attack he should request assistance from his legal 

The reference implementation of ntpd contributes to the deluge in a 
small way!   Running a Motorola Oncore as a reference clock causes my 
home server to query its internet servers every 16 seconds.  It's 
nothing I would do by choice; they serve only as a sanity check on my 
Oncore reference clock   There does not appear to be any way of turning 
this feature off short of modifying the code.

More information about the questions mailing list