[time] Abusive Clients, Brazilian Servers
Sun Apr 27 09:55:02 UTC 2008
On Sat, Apr 26, 2008 at 10:05:54PM -0700, Dennis Hilberg, Jr. has written:
> Matt Wagner wrote:
> > I've never had to deal with this before... How do you guys block these
> > nuts? It's just a handful of badly-configured clients, so I don't want
> > to leave the pool entirely. I'm not sure how the KoD works, nor how to
> > configure it. Do most clients respect that, or do I have to look at
> > firewalling? Does ntpd respect /etc/hosts.deny?
> Hi Matt,
> I use a pair of scripts written by Richard Leach that evaluate NTP
> connections via /proc/net/ip_conntrack and automatically drop requests from
> the offending IP addresses using IPTables. Once the offending client
> improves its request rate the rule is removed and allowed access again.
> I don't recall anyone else but myself replying to Richard regarding his
> conntrack scripts, but I find that they work quite well. I've had them
> running since he fixed his original version (going on three months now),
> with no problems.
> Dropping abusive clients' requests does nothing for the traffic, but at
> least there's some satisfaction knowing that they aren't getting time from you.
> You can download it here:
> Details are in the README.
> Dennis Hilberg, Jr. \ timekeeper at dennishilberg.com
> NTP Server Information: \ http://saturn.dennishilberg.com/ntp.php
Now comes with a free restart script, which re-instantiates the drop
rules which were in existence before you so unfortunately went down.
My top ranker today is 126.96.36.199, requesting at nearly 12 times a
minute. Clearly I don't bother my adsl upload channel with him!
Richard A Leach | No windoze, no gates. Just be free and out there.
The great little festival -- http://www.PennineSpringMusic.co.uk
A Centre of Excellence for Domestic Information Technology Solutions
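
An added example, not part of the thread and not Richard Leach's scripts: one way to turn two snapshots of /proc/net/ip_conntrack into per-client NTP request rates and the matching iptables rule changes, including release of a client whose rate has improved. It assumes connection accounting is enabled (so entries carry `packets=` counters), a 60-second sampling interval and a threshold of 6 requests per minute; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed snapshots in the /proc/net/ip_conntrack layout, taken 60 s apart.
# Addresses are documentation ranges; packets= requires connection accounting.
T0 = """\
udp      17 28 src=192.0.2.10 dst=198.51.100.1 sport=123 dport=123 packets=40 bytes=3040 src=198.51.100.1 dst=192.0.2.10 sport=123 dport=123 packets=40 bytes=3040 mark=0 use=1
udp      17 12 src=192.0.2.20 dst=198.51.100.1 sport=40112 dport=123 packets=3 bytes=228 src=198.51.100.1 dst=192.0.2.20 sport=123 dport=40112 packets=3 bytes=228 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.30 dst=198.51.100.1 sport=51514 dport=22 packets=90 bytes=7000 src=198.51.100.1 dst=192.0.2.30 sport=22 dport=51514 packets=80 bytes=9000 [ASSURED] mark=0 use=1
"""
T1 = """\
udp      17 29 src=192.0.2.10 dst=198.51.100.1 sport=123 dport=123 packets=52 bytes=3952 src=198.51.100.1 dst=192.0.2.10 sport=123 dport=123 packets=52 bytes=3952 mark=0 use=1
udp      17 20 src=192.0.2.20 dst=198.51.100.1 sport=40112 dport=123 packets=4 bytes=304 src=198.51.100.1 dst=192.0.2.20 sport=123 dport=40112 packets=4 bytes=304 mark=0 use=1
"""
FIELD = re.compile(r"(\w+)=(\S+)")

def ntp_packets(snapshot):
    """Per-client packet totals (original direction) for UDP flows to port 123."""
    totals = {}
    for line in snapshot.splitlines():
        if not line.startswith("udp"):
            continue
        orig = {}
        for key, value in FIELD.findall(line):
            orig.setdefault(key, value)  # first occurrence = original direction
        if orig.get("dport") == "123" and "packets" in orig:
            src = str(ipaddress.ip_address(orig["src"]))  # ValueError if malformed
            totals[src] = totals.get(src, 0) + int(orig["packets"])
    return totals

def plan(before, after, seconds, blocked, limit_per_min=6.0):
    """Return (rates per minute, iptables argv lists) for new drops and releases."""
    rates = {}
    for ip, count in after.items():
        delta = count - before.get(ip, 0)
        rates[ip] = (delta if delta >= 0 else count) * 60.0 / seconds  # <0: entry restarted
    cmds = []
    for ip in sorted(set(rates) | set(blocked)):
        over = rates.get(ip, 0.0) > limit_per_min
        rule = ["INPUT", "-s", ip, "-p", "udp", "--dport", "123", "-j", "DROP"]
        if over and ip not in blocked:
            cmds.append(["iptables", "-I"] + rule)   # start dropping this client
        elif not over and ip in blocked:
            cmds.append(["iptables", "-D"] + rule)   # rate improved: remove the rule
    return rates, cmds

if __name__ == "__main__":
    for argv in plan(ntp_packets(T0), ntp_packets(T1), 60, {"192.0.2.99"})[1]:
        print(" ".join(argv))
```

The commands are returned as argument lists rather than executed, so they can be logged or reviewed before being passed to `subprocess.run` on the server.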