[ntp:questions] Re: Question on abusive clients.

Danny Mayer mayer at ntp.isc.org
Sun Jan 1 04:13:55 UTC 2006

Brian T. Brunner wrote:
> The counter you speak of is necessary to determine to issue the KoD 
> anyhow, yes?  After then you need only the IP, the time of the KoD,
> and cycles spent searching this list.  Probably need a hash table too.
> What I'm reading between the various posts is that the abusive clients 
> can't be expected to behave to any known rules, so feeding them good 
> time, bad time, or fixed time is equally unproductive... they continue to 
> hammer the server.
> Solution: put the time servers behind a packet-dropping firewall,
> as has been suggested by others, so I'm out of helpful ideas for this thread.
> Brian Brunner
> brian.t.brunner at gai-tronics.com
> (610)796-5838
No, you want to have a counter to see how badly it's hammering away at
your server, not just to decide when to send a KOD packet. You want to
use this data to decide which ones are the most abusive so you can
concentrate on them first.


More information about the questions mailing list