[time] Abusive Clients, Brazilian Servers
Sat Apr 26 02:44:28 UTC 2008
Matt Wagner wrote:
> I recently added a second server to the pool. It's in Pennsylvania
> (USA), but was incorrectly placed in the South America / Brazil zones,
> presumably via a bad entry in GeoIP.
> An interesting aside, it's getting 8 queries a second, set to 3 Mbps.
> My Texas server is set to 10 Mbps and sees about 0.8 a second.
> Probably because South America has a mere 16 servers, whereas North
> America has 550.
> I've noticed that, although I'm being inundated with queries, most are
> coming from a handful of badly-behaved clients. The top 10 queries are
> hitting me every 8 seconds or less. The worst offender
> (gestum01.datadrome.net / 188.8.131.52) is querying me at the
> insane rates of TWO queries every second. (e.g., every 500ms.)
> I've never had to deal with this before... How do you guys block these
> nuts? It's just a handful of badly-configured clients, so I don't want
> to leave the pool entirely. I'm not sure how the KoD works, nor how to
> configure it. Do most clients respect that, or do I have to look at
> firewalling? Does ntpd respect /etc/hosts.deny?
> (As an aside, do you think it makes sense for me to stay as a Brazil
> server? Obviously, my time quality will be degraded, but Brazil seems
> awfully under-represented in terms of NTP hosts.)
> -- Matt
I have a script I run that adds bad servers to my ipfw tables (this is on
FreeBSD). My server that is set to gigabit is currently blocking 82
IPs. If they stop trying to talk to me for more than an hour it
Once in a while I look up the IP and email the admin - sometimes it
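
An added example, not part of the original thread and not the poster's script: one way to pick out clients like the ones described above from observed NTP queries and produce `ipfw table` commands for them. The thresholds, the table number, the one-hour release rule and all function names are assumptions of this sketch, and the sample traffic is constructed.

```python
from collections import defaultdict, deque

WINDOW = 60        # seconds of history kept per client (assumed)
MAX_QUERIES = 8    # queries tolerated per WINDOW (assumed threshold)
QUIET = 3600       # seconds of silence before a client is released (assumed)
TABLE = 1          # ipfw table number used by the deny rule (assumed)

def find_abusers(events, window=WINDOW, max_queries=MAX_QUERIES):
    """events: time-sorted (unix_ts, src_ip) pairs, e.g. parsed from a capture
    of UDP port 123. Returns IPs that exceeded max_queries in any window."""
    recent = defaultdict(deque)
    abusers = set()
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:      # drop timestamps older than the window
            q.popleft()
        if len(q) > max_queries:
            abusers.add(ip)
    return abusers

def update_blocklist(blocked, events, now, quiet=QUIET):
    """blocked: dict ip -> last time the client was seen. Updates it in place
    and returns the ipfw commands to run for this pass."""
    cmds = []
    for ts, ip in events:               # blocked clients that keep sending
        if ip in blocked:               # stay blocked: refresh last-seen time
            blocked[ip] = max(blocked[ip], ts)
    for ip in sorted(find_abusers(events)):
        if ip not in blocked:
            blocked[ip] = max(ts for ts, src in events if src == ip)
            cmds.append(f"ipfw table {TABLE} add {ip}")
    for ip in sorted(blocked):          # release clients that went quiet
        if now - blocked[ip] > quiet:
            del blocked[ip]
            cmds.append(f"ipfw table {TABLE} delete {ip}")
    return cmds

def sample_events(start=1_209_177_868):
    """Constructed traffic: one client at 2 queries/s, one polling every 64 s."""
    fast = [(start + i * 0.5, "192.0.2.10") for i in range(120)]
    polite = [(start + i * 64, "198.51.100.7") for i in range(2)]
    return sorted(fast + polite)

if __name__ == "__main__":
    ev = sample_events()
    print(update_blocklist({}, ev, now=ev[-1][0]))
```

The commands only populate the table; a deny rule that matches that table for UDP port 123 has to exist in the ruleset for the block to take effect.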