[time] Abusive Clients, Brazilian Servers

Matt Wagner mwaggy
Sat Apr 26 01:53:27 UTC 2008


I recently added a second server to the pool. It's in Pennsylvania
(USA), but was incorrectly placed in the South America / Brazil zones,
presumably via a bad entry in GeoIP.

An interesting aside, it's getting 8 queries a second, set to 3 Mbps.
My Texas server is set to 10 Mbps and sees about 0.8 a second.
Probably because South America has a mere 16 servers, whereas North
America has 550.

I've noticed that, although I'm being inundated with queries, most are
coming from a handful of badly-behaved clients. The top 10 queries are
hitting me every 8 seconds or less. The worst offender
(gestum01.datadrome.net / 200.203.122.235) is querying me at the
insane rates of TWO queries every second. (e.g., every 500ms.)

I've never had to deal with this before... How do you guys block these
nuts? It's just a handful of badly-configured clients, so I don't want
to leave the pool entirely. I'm not sure how the KoD works, nor how to
configure it. Do most clients respect that, or do I have to look at
firewalling? Does ntod respect /etc/hosts.deny?

(As an aside, do you think it makes sense for me to stay as a Brazil
server? Obviously, my time quality will be degraded, but Brazil seems
awfully under-represented in terms of NTP hosts.)

-- Matt



More information about the pool mailing list