[ntp:questions] Connection peaks

Wolfgang S. Rupprecht wolfgang.rupprecht+gnus200702 at gmail.com
Sat Feb 24 23:11:51 UTC 2007


[ Try #2, cut-n-paste/thinko on try #1 ]

hal-usenet at ip-64-139-1-69.sjc.megapath.net (Hal Murray) writes:
> The 50000 packet case is probably buggy software.  That's the
> "terrorist".  It may be an innocent bug, but it's hard to tell
> the result from what a terrorist would do.

The 5000 packets could also be a NAT box with 1000 hosts behind it
(where each host sends the same 5 packets per volley as the other
standalone machines.)

It is a shame that ISP's don't usually even bother adding their NTP
servers to the list of servers that dhcp knows about.  (That is, when
they even have public ntp servers at all.)

(In case any ISP'S are listening, all they need to do is add this line
to their dhcpd.conf file. (Assuming their domain name is example.com
and their ntp server is called "ntp.example.com".)  If they have
multiple servers then a comma separated list will add all of them to
the dhcp reply.

  option ntp-servers		ntp.example.com;
  option time-servers		ntp.example.com;

(The second entry covers all bases by sucking all port 37 time
requests to the machine too. It does assume one has configured
inetd/xinetd to allow the kernels internal time daemon to answer the
request.)

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/




More information about the questions mailing list