[ntp:questions] Re: abuse or bug ?

David L. Mills mills at udel.edu
Fri Jan 28 18:15:44 UTC 2005


See the MINPOLL define in ntp.h, currently 4 (16 s). Unless some idiot 
changes that define, it is not possible to send polls at intervals less 
than 16 s. However, it is true that some idiot could set BURST and 
minpoll = 4, with result one poll every two seconds. However, the 
current ntpd server ignores packets with average headway less than one 
poll every five seconds and sends a kiss-o'-death instead, but that at 
net aggregate rates less than one KoD per second. See the article cited.

I'm about to put in code that will limit the average rate, burst mode 
included, to less than one packet in 16 seconds. In other wolrds, if you 
set BURST, the minimum poll interval is forced to 512 s. Note at the 
moment ntpdate sends a one-time burst of eight packets at one-second 
intervals. The current ntpd discards half of these, since the minimum 
accepted headway is two seconds. Another reason I want to get rid of 
ntpdate. Future ntpd will be much more aggresive to defend against burst 
attacks. Users will not like this, as it will increase the time for 
initial acquisition.

Users are reminded NOT to use BURST for public time servers. It is 
probably okay to user IBURST for initial acquisition, as that happens 
only once.


Harlan Stenn wrote:
> Dave,
> Burst mode would do 8 packets every poll, right?  What if somebody cranked
> minpoll and maxpoll to something small?
> H

More information about the questions mailing list