[time] What to do about abuse
Wed Feb 28 13:23:55 UTC 2007
On Mon, 26 Feb 2007, Jeffrey Goldberg wrote:
> Well, I'm absolutely flabbergasted by the abusive clients. I'd like
> some understanding of what's behind it and what people do about it.
> I don't see anything to gain by being deliberately abusive. You
> gain anything by sending out a request 5 times per second.
While that's an exceptionally stupid client, I myself have
only seen that kind of abuse when I started to try
> And what do people do about them? I can manually block those
> at my firewall.
My discovery was that with some classes of clients that will ask
once every second, if you stop replying then they'll pick up their
query rate by a factor of 5 in some cases. Whether this hurts
your bandwidth or your provider's depends on where the firewall
is but I'd guess that most of us who don't work for an ISP can
only block traffic after it comes down the wires rather than before.
There was a different class of client that would normally try
once every 15 or 30 or 60 seconds, but if I didn't respond they
started querying every single second.
Most people who install these stupid NTP clients genuinely
don't know how poorly behaved the client is. Some (see list
messages here from a few years back) defend their client
behavior when it asks more often when it doesn't get good
time back. Not a traffic-friendly attitude but a very self-
So, in every parameter I tried, not replying or sending KOD's or
sending "bad" time to stupid clients just made them
query more often. I gave up and my NTP traffic went
back to normal :-).
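
An added example, not part of the original message: one way to measure the effect described above is to compare each client's median query interval before and after replies stop. The log rows, IP addresses, `BLOCK_TIME` and all function names are constructed for illustration.

```python
from statistics import median

# Constructed sample: (unix_seconds, client_ip) query arrivals; IPs are from
# documentation ranges. Replies to every client stop at BLOCK_TIME (assumed).
BLOCK_TIME = 600

def build_sample():
    rows = []
    # Client A: 1 query/s, then 5 queries/s once replies stop.
    rows += [(float(t), "192.0.2.10") for t in range(540, 600)]
    rows += [(600 + i * 0.2, "192.0.2.10") for i in range(300)]
    # Client B: one query per 60 s, then one every second.
    rows += [(float(t), "198.51.100.7") for t in range(0, 600, 60)]
    rows += [(float(t), "198.51.100.7") for t in range(600, 660)]
    # Client C: polls every 64 s and keeps doing so after the block.
    rows += [(float(t), "203.0.113.5") for t in range(0, 1280, 64)]
    return rows

def median_interval(times):
    """Median gap in seconds between consecutive queries, or None."""
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:])]
    return median(gaps) if gaps else None

def escalation_report(rows, block_time, factor=2.0):
    """Per client: median query interval before/after replies stopped,
    and whether the query rate rose by at least `factor`."""
    by_client = {}
    for ts, ip in rows:
        # Index 0 collects pre-block arrivals, index 1 post-block arrivals.
        by_client.setdefault(ip, ([], []))[ts >= block_time].append(ts)
    report = {}
    for ip, (before, after) in by_client.items():
        b, a = median_interval(before), median_interval(after)
        escalated = b is not None and a is not None and b / a >= factor
        report[ip] = {"before_s": b, "after_s": a, "escalated": escalated}
    return report

if __name__ == "__main__":
    for ip, r in sorted(escalation_report(build_sample(), BLOCK_TIME).items()):
        print(ip, r)
```

Running the same comparison on real server logs around the time a firewall rule or rate limit was introduced shows whether the block reduced inbound traffic or raised it.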