[time] What to do about abuse

Jeffrey Goldberg jeffrey
Tue Feb 27 16:43:57 UTC 2007

On Feb 27, 2007, at 4:16 AM, Rob Janssen wrote:

> Jeffrey Goldberg wrote:
>> Well, I'm absolutely flabbergasted by the abusive clients.  I'd like
>> some understanding of what's behind it and what people do about it.

> I think that most abuse is just ignorance. There are some different  
> ways of getting high rate of queries from a single IP:
> 1. a lot of systems behind a NAT router.  each system is configured  
> to use the pool. when all of the systems are powered up at about  
> the same time (e.g. after a power failure or an automated hotfix  
> installation), all of the systems get the  same DNS reply when  
> starting their NTP daemon and they all query the same set of  
> timeservers.

It turns out that this is what happened in my case.  I had a total of  
13,000 requests from 3 IPs, one was averaging a request every 0.15  
seconds.  The other two were at about one request every two seconds.   
This went out for about half an hour and shortly after I started  
collecting stats.

> The big problem is that there is no way to get in contact with the  
> responsible person, so you will just have to live with the situation.

I actually got a very prompt response from tera-byte.com telling me.

> I have just had a discussion with the sys admin that runs the 100+  
> servers
> that sit behind those ip addresses. He has agreed to setup and run  
> a local ntp server rather than querying pool.ntp.org


>  We also have 2 ntp servers on our network for co-location  
> customers to use
> however he was querying the pool directly.

So at least in one case contacted the abuse email from the whois  
records for a net has shown that some good can come of sending off a  

However, I should note that others have mailed me off list also  
recommend ignoring abuse.  After all a single ntpd server can easily  
handle the load of abusive clients.  Still, prompted by an early  
success, I do like to idea of encouraging people to set up proper  


Jeffrey Goldberg                        http://www.goldmark.org/jeff/

More information about the pool mailing list