[Pool] DDoS Type Attack

Charles Swiger cswiger at mac.com
Sun Feb 16 22:44:46 UTC 2014


Hi--

On Feb 16, 2014, at 11:58 AM, Nyamul Hassan <nyamul at gmail.com> wrote:
> Good point, Clay Fiske.  Is there a realistic estimate to how many packets
> / sec a legitimate remote is allowed?

Sure.  ~10 per minute is the highest rate a normal client using iburst will
start up as; after that one packet per minute (every 64 seconds, actually) is
the most rapid polling rate that should be used without prior coordination.

10 packets per minute also accommodates ntpdate.

> Suppose, if we can agree on numbers like:
> Less than 100 packets each min
> + Less than 300 packets in 10 mins
> + Less than 500 packets in 1 hour

That's overgenerous: 500 packets per hour is 1 every 7.2 seconds.

If something has a clock which is so defective that it can't keep time well enough
that it needs to keep asking more than once a minute, well, it should be talking to
something on the LAN instead of wasting public resources.

Regards,
-- 
-Chuck
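
Added example, not part of the original message: a sliding-window check that runs the thresholds proposed in the quoted text and a tighter policy built from the reply's figures over two constructed client traces. The STRICT limits, the 8-packet burst at 2-second spacing, and the function names are assumptions made for illustration.

```python
from collections import deque

# Thresholds proposed in the quoted message, as (window seconds, max packets).
# "Less than N" is encoded as a maximum of N - 1.
PROPOSED = [(60, 99), (600, 299), (3600, 499)]

# Assumption: one encoding of the reply's figures. Allow a 10-packet startup
# burst per minute, and per hour that burst plus one packet every 64 seconds.
STRICT = [(60, 10), (3600, 10 + 3600 // 64)]


def first_violation(timestamps, limits):
    """Return (time, window_s, count) for the first packet that pushes any
    sliding window over its limit, or None if the trace stays within limits."""
    windows = [(w, m, deque()) for w, m in limits]
    for t in sorted(timestamps):
        for w, m, q in windows:
            q.append(t)
            # Drop packets that have aged out of the window (t - w, t].
            while q[0] <= t - w:
                q.popleft()
            if len(q) > m:
                return (t, w, len(q))
    return None


def iburst_client():
    """Constructed trace: startup burst, then one poll every 64 seconds."""
    burst = list(range(0, 16, 2))          # 8 packets at 2 s spacing (assumed)
    steady = list(range(78, 3600, 64))     # first steady poll 64 s after burst
    return burst + steady


def fast_poller():
    """Constructed trace: one packet every 8 seconds for an hour (450 total),
    just under the 1-per-7.2-seconds rate the proposed hourly cap permits."""
    return list(range(0, 3600, 8))


if __name__ == "__main__":
    for name, trace in (("iburst", iburst_client()), ("fast", fast_poller())):
        print(name, "proposed:", first_violation(trace, PROPOSED),
              "strict:", first_violation(trace, STRICT))
```

The 8-second poller never trips the proposed thresholds, while the tighter policy flags it at its 67th packet, 528 seconds in; the iburst client passes both.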


