[time] Abusive Clients, Brazilian Servers

Dennis Hilberg, Jr. timekeeper
Sun Apr 27 05:05:54 UTC 2008

Matt Wagner wrote:
> I've never had to deal with this before... How do you guys block these
> nuts? It's just a handful of badly-configured clients, so I don't want
> to leave the pool entirely. I'm not sure how the KoD works, nor how to
> configure it. Do most clients respect that, or do I have to look at
> firewalling? Does ntod respect /etc/hosts.deny?

Hi Matt,

I use a pair of scripts written by Richard Leach that evaluate NTP 
connections via /proc/net/ip_conntrack and automatically drop requests from 
the offending IP addresses using IPTables. Once the offending client 
improves its request rate the rule is removed and allowed access again.

I don't recall anyone else but myself replying to Richard regarding his 
conntrack scripts, but I find that they work quite well. I've had them 
running since he fixed his original version (going on three months now), 
with no problems.

Dropping abusive clients' requests does nothing for the traffic, but at 
least there's some satisfaction knowing that they aren't getting time from you.

You can download it here:


Details are in the README.


Dennis Hilberg, Jr.     \  timekeeper at dennishilberg.com
NTP Server Information:  \  http://saturn.dennishilberg.com/ntp.php

More information about the pool mailing list