[ntp:questions] Re: ntp-cup (timeserver) is being attacked (I think)

dalton_95014 at yahoo.com dalton_95014 at yahoo.com
Tue Apr 26 18:29:09 UTC 2005


Richard B. Gilbert wrote:

> The two ip addresses in question are both assigned to:
>
> OrgName:    FONE NET, LLC

We have been trying to contact them, but my point really was that the
bulk of the problem was not these two "elephants" (egregious though
they are) but rather the 4000 little guys who are polling every 5
seconds.  I wonder who those little guys are?  No way am I going to
track down 4000 of them.

I will follow the advice of David Mills and configure the "call gap"
feature in NTPv4.  The threshold will probably have to be large (10 or
20 seconds) and there are going to be a lot of Kiss-o-Death packets
issued.  The follow-up question will be:  How many of those clients
actually cease and desist when they receive the KoD?  Probably not many.
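
Added example, not part of the original post: a simplified Python model of a per-client minimum-gap ("call gap") check, run over a request log to count how many clients would draw a KoD and how many keep polling too fast afterwards. It is not ntpd's own rate-limiting code; the function names, the 10-second default, the documentation-range addresses and the timestamps are all assumptions constructed for illustration.

```python
from collections import defaultdict

MIN_GAP = 10.0  # seconds; assumed from the "10 or 20 seconds" in the post


def apply_call_gap(requests, min_gap=MIN_GAP):
    """requests: (timestamp_seconds, client_ip) pairs, sorted by time.
    Returns {ip: {"served", "kod", "ignored_kod"}} under the simplified model:
    any packet arriving sooner than min_gap after the client's previous packet
    is answered with a KoD instead of time."""
    last_seen = {}
    stats = defaultdict(lambda: {"served": 0, "kod": 0, "ignored_kod": 0})
    for ts, ip in requests:
        s = stats[ip]
        prev = last_seen.get(ip)
        last_seen[ip] = ts  # the gap is measured between consecutive arrivals
        if prev is not None and ts - prev < min_gap:
            if s["kod"] > 0:
                s["ignored_kod"] += 1  # still too fast after an earlier KoD
            s["kod"] += 1
        else:
            s["served"] += 1
    return dict(stats)


def kod_compliance(stats):
    """Split clients that drew a KoD into those that backed off and those
    that kept violating the gap afterwards."""
    offenders = sorted(ip for ip, s in stats.items() if s["kod"] > 0)
    persistent = sorted(ip for ip in offenders if stats[ip]["ignored_kod"] > 0)
    backed_off = sorted(set(offenders) - set(persistent))
    return {"offenders": offenders, "backed_off": backed_off,
            "persistent": persistent}


def constructed_sample():
    """Constructed log: one client polling every 5 s throughout, one that
    backs off to 64 s after its first KoD, one polling every 64 s."""
    log = [(t, "192.0.2.10") for t in range(0, 35, 5)]
    log += [(t, "192.0.2.20") for t in (0, 5, 69, 133)]
    log += [(t, "198.51.100.5") for t in (0, 64, 128)]
    return sorted(log)


if __name__ == "__main__":
    result = apply_call_gap(constructed_sample())
    print(kod_compliance(result))
```

The per-client table grows with the number of distinct source addresses, so on a server with thousands of clients it needs an eviction policy.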



