[time] What to do about abuse
Tue Feb 27 10:16:54 UTC 2007
Jeffrey Goldberg wrote:
> Well, I'm absolutely flabbergasted by the abusive clients. I'd like
> some understanding of what's behind it and what people do about it.
> I don't see anything to gain by being deliberately abusive. You don't
> gain anything by sending out a request 5 times per second. As
> annoying as it is, there is little chance of doing any noticeable
> vandalism. So my guess is that it is accidental. But how could
> someone accidentally configure a client to just keep making requests?
I think that most abuse is just ignorance.
There are some different ways of getting high rate of queries from a
1. a lot of systems behind a NAT router. each system is configured to
use the pool.
when all of the systems are powered up at about the same time (e.g.
after a power failure or an automated hotfix installation), all of the
systems get the same DNS reply
when starting their NTP daemon and they all query the same set of
get a high polling rate from a single IP, but in fact there are
different systems. This can
sometimes be noticed when checking the source port number.
2. a firewall that suppresses your reply, combined with a broken client.
some clients start polling once per second when they don't get a reply.
people have a firewall that rejects the returned UDP packet from your
even get "ICMP administratively blocked" sent to my system sometimes) and
their client increases the poll rate without ever getting in sync.
3. outright broken config files from persons who believe that fast
polling is better or
that bursting is the way to go. this is more towards vandalism rather
but it could be caused by not reading the documentation and guessing
options will do (possibly after someone used a user-friendly admin GUI to
the config file, and bursting is just a checkmark)
Of course people don't gain by this behaviour. Either they lose, or
they get no gain. However, many admins don't monitor their systems and
they just don't know that something is wrong or sub-optimal.
The big problem is that there is no way to get in contact with the
so you will just have to live with the situation.
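
The source-port check mentioned in point 1, as an added example that is not part of the original message: it groups requests by source IP and source port to separate one client polling every second from several NAT-ed systems that each poll slowly. The function names, the thresholds and the request records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (unix_time_seconds, source_ip, source_port) per NTP request.
# Addresses are from documentation ranges; none of this is real traffic.
def sample_requests():
    reqs = []
    # 192.0.2.10: one source port, one request per second for a minute.
    reqs += [(t, "192.0.2.10", 123) for t in range(0, 60)]
    # 198.51.100.7: six NAT-mapped ports, each polling every 64 s, offset by 2 s.
    for i, port in enumerate(range(40001, 40007)):
        reqs += [(i * 2 + k * 64, "198.51.100.7", port) for k in range(4)]
    # 203.0.113.5: a single well-behaved client polling every 64 s.
    reqs += [(k * 64, "203.0.113.5", 123) for k in range(4)]
    return reqs

def classify(requests, fast_interval=4.0, min_ports=3):
    """Label each source IP by per-port polling interval and port count.

    fast_interval and min_ports are assumed thresholds, not pool policy.
    """
    by_ip = defaultdict(lambda: defaultdict(list))
    for ts, ip, port in requests:
        by_ip[ip][port].append(ts)
    result = {}
    for ip, ports in by_ip.items():
        # Median gap between consecutive requests on each source port.
        gaps = []
        for times in ports.values():
            times.sort()
            d = sorted(b - a for a, b in zip(times, times[1:]))
            if d:
                gaps.append(d[len(d) // 2])
        fastest = min(gaps) if gaps else None
        if fastest is not None and fastest < fast_interval:
            result[ip] = ("single-port fast poller" if len(ports) == 1
                          else "fast poller, several ports")
        elif len(ports) >= min_ports:
            result[ip] = "likely several systems behind NAT"
        else:
            result[ip] = "normal"
    return result

if __name__ == "__main__":
    for ip, label in sorted(classify(sample_requests()).items()):
        print(ip, label)
```

The per-port view only helps when a client keeps its source port: a client that picks a new ephemeral port for every request has no per-port interval and would be labelled as NAT here.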