[time] Abusive Clients, Brazilian Servers

John Pettitt jpp
Sat Apr 26 02:44:28 UTC 2008


Matt Wagner wrote:
> I recently added a second server to the pool. It's in Pennsylvania
> (USA), but was incorrectly placed in the South America / Brazil zones,
> presumably via a bad entry in GeoIP.
>
> An interesting aside, it's getting 8 queries a second, set to 3 Mbps.
> My Texas server is set to 10 Mbps and sees about 0.8 a second.
> Probably because South America has a mere 16 servers, whereas North
> America has 550.
>
> I've noticed that, although I'm being inundated with queries, most are
> coming from a handful of badly-behaved clients. The top 10 queries are
> hitting me every 8 seconds or less. The worst offender
> (gestum01.datadrome.net / 200.203.122.235) is querying me at the
> insane rates of TWO queries every second. (e.g., every 500ms.)
>
> I've never had to deal with this before... How do you guys block these
> nuts? It's just a handful of badly-configured clients, so I don't want
> to leave the pool entirely. I'm not sure how the KoD works, nor how to
> configure it. Do most clients respect that, or do I have to look at
> firewalling? Does ntod respect /etc/hosts.deny?
>
> (As an aside, do you think it makes sense for me to stay as a Brazil
> server? Obviously, my time quality will be degraded, but Brazil seems
> awfully under-represented in terms of NTP hosts.)
>
> -- Matt
>   
I have a script I run that adds bad servers to my ipfw tables (this on 
freebsd) my server that is set to gigabit is currently blocking 82 
IP's.   If they stop trying to talk to me for more than an hour it 
unblocks them.

Once it a while I lookup the IP and email the admin - sometimes it 
actually works.

John



More information about the pool mailing list