[Pool] DDoS Type Attack
cswiger at mac.com
Sun Feb 16 22:44:46 UTC 2014
On Feb 16, 2014, at 11:58 AM, Nyamul Hassan <nyamul at gmail.com> wrote:
> Good point, Clay Fiske. Is there a realistic estimate to how many packets
> / sec a legitimate remote is allowed?
Sure. ~10 per minute is the highest rate a normal client using iburst will
start up as; after that one packet per minute (every 64 seconds, actually) is
the most rapid polling rate that should be used without prior coordination.
10 packets per minute also accommodates ntpdate.
> Suppose, if we can agree on numbers like:
> Less than 100 packets each min
> + Less than 300 packets in 10 mins
> + Less than 500 packets in 1 hour
That's overgenerous: 500 packets per hour is 1 every 7.2 seconds.
If something has a clock which is so defective that it can't keep time well enough
that it needs to keep asking more than once a minute, well, it should be talking to
something on the LAN instead of wasting public resources.
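
The limits described above, as an added example that is not part of the original message: a per-source token bucket (10-packet burst, one token refilled every 64 seconds) replayed next to the three-window proposal quoted in the thread. The function names, the 8-packet iburst pattern at 2-second spacing, and all timestamps are constructed assumptions.

```python
from collections import deque

BURST = 10          # packets allowed at startup (iburst / ntpdate), per the post
POLL_INTERVAL = 64  # seconds between packets in steady state, per the post
PROPOSED = [(60, 100), (600, 300), (3600, 500)]  # (window s, limit) quoted in the thread


def token_bucket(timestamps, burst=BURST, interval=POLL_INTERVAL):
    """Count packets from one source accepted by a burst + steady-rate bucket."""
    tokens, last, accepted = float(burst), timestamps[0], 0
    for now in timestamps:
        # Refill one token per interval, never above the burst allowance.
        tokens = min(burst, tokens + (now - last) / interval)
        last = now
        if tokens >= 1.0:
            tokens -= 1.0
            accepted += 1
    return accepted


def proposed_windows(timestamps, rules=PROPOSED):
    """Count packets accepted when each window must hold fewer than its limit."""
    history, accepted = deque(), 0
    longest = max(w for w, _ in rules)
    for now in timestamps:
        # Forget accepted packets older than the longest window.
        while history and now - history[0] >= longest:
            history.popleft()
        if all(sum(1 for t in history if now - t < w) < limit for w, limit in rules):
            history.append(now)
            accepted += 1
    return accepted


# Constructed traffic, one hour from a single source (not captured data).
IBURST_CLIENT = [2 * i for i in range(8)] + [14 + 64 * k for k in range(1, 56)]
FAST_POLLER = [7.2 * i for i in range(500)]  # 1 packet every 7.2 s

if __name__ == "__main__":
    for name, ts in (("iburst client", IBURST_CLIENT), ("7.2 s poller", FAST_POLLER)):
        print(f"{name}: sent={len(ts)} bucket={token_bucket(ts)} "
              f"proposed={proposed_windows(ts)}")
```

The well-behaved client is never dropped by either policy, while the 7.2-second poller passes the proposed windows untouched and is cut to roughly one packet in eight by the bucket.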