[time] 8.8.38.2, wikis, and help for abusers

Ryan Malayter malayter
Wed Apr 30 02:11:25 UTC 2008


On Tue, Apr 29, 2008 at 8:17 PM, Ask Bj?rn Hansen <ask at develooper.com> wrote:
> ... and since the 200 servers likely share one dns cache it's even
> possible they all would end up querying the same pool server
> (depending on which caching dns system they use etc).

As more and more Linux distributions use the NTP pool by default,
these scenarios will become more and more common. I have one IP on my
pool server querying every 1.2 s on average... that's ~850 clients
behind one IP assuming a standard client maxpoll.

Very few network admins put NTP servers into their DHCP configuration,
and even if they do, that information is ignored by most operating
systems.

Fortunately Windows domains have hierarchical NTP behavior by default,
or this could get really ugly quickly. Unfortunately, though,
Microsoft Active Directory also makes it easy to configure thousands
of clients to hit the NTP pool with just a few clicks of the mouse. I
suspect this has already been done by a clueless admin - are the
machines at 8.8.38.2 querying with NTPv3 and precision -6? I myself
nearly launched a denial-of-service attack against our corporate ISP's
time servers by accident once, applying a policy meant for my domain
controllers to the whole Windows domain.

-- 
RPM



More information about the pool mailing list