[time] Abusive Clients, Brazilian Servers

Richard Leach rich
Sun Apr 27 09:55:02 UTC 2008


On Sat, Apr 26, 2008 at 10:05:54PM -0700, Dennis Hilberg, Jr. has written:
> Matt Wagner wrote:
> > I've never had to deal with this before... How do you guys block these
> > nuts? It's just a handful of badly-configured clients, so I don't want
> > to leave the pool entirely. I'm not sure how the KoD works, nor how to
> > configure it. Do most clients respect that, or do I have to look at
> > firewalling? Does ntod respect /etc/hosts.deny?
> 
> Hi Matt,
> 
> I use a pair of scripts written by Richard Leach that evaluate NTP 
> connections via /proc/net/ip_conntrack and automatically drop requests from 
> the offending IP addresses using IPTables. Once the offending client 
> improves its request rate the rule is removed and allowed access again.
> 
> I don't recall anyone else but myself replying to Richard regarding his 
> conntrack scripts, but I find that they work quite well. I've had them 
> running since he fixed his original version (going on three months now), 
> with no problems.
> 
> Dropping abusive clients' requests does nothing for the traffic, but at 
> least there's some satisfaction knowing that they aren't getting time from you.
> 
> You can download it here:
> 
> http://www.penninespringmusic.co.uk/rich/software/conntrack.tgz
> 
> Details are in the README.
> 
> Dennis
> 
> -- 
> Dennis Hilberg, Jr.     \  timekeeper at dennishilberg.com
> NTP Server Information:  \  http://saturn.dennishilberg.com/ntp.php
> _______________________________________________
> timekeepers mailing list
> timekeepers at fortytwo.ch
> https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers

Thanks Dennis.

Now comes with a free restart script, which re-instantiates the drop
rules which were in existence before you so unfortunately went down.

My top ranker today is 79.66.74.17, requesting at nearly 12 times a
minute. Clearly I don't bother my adsl upload channel with him!
-- 
Richard A Leach | No windoze, no gates. Just be free and out there.
The great little festival -- http://www.PennineSpringMusic.co.uk
A Centre of Excellence for Domestic Information Technology Solutions
5344.9735,N,00201.2268,W,263.0



More information about the pool mailing list