[ntp:questions] "discard" and "limited" HOWTO?

Kirk Strauser kirk at strauser.com
Sat Sep 17 23:11:40 UTC 2005


I've been trying all afternoon to figure out how to use "restrict limited" and "discard" to get my server (which is participating in pool.ntp.org) to ignore abusive users.

My ntp.conf looks similar to:

    restrict default kod nomodify notrap nopeer limited
    # The pool.ntp.org people recommend trusting yourself:
    restrict 127.0.0.1
    discard

    server  127.127.1.0     # local clock
    fudge   127.127.1.0 stratum 10

    server  [...]

From what I've seen, I thought the "discard" and "restrict limited" options
should drop clients that hit the server too hard.  And yet:

$ sudo tcpdump -n port 123 and host 71.10.124.9
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
17:56:26.109620 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
17:56:26.109842 IP 10.0.5.16.123 > 71.10.124.9.63008: NTPv4, Server, length 48
17:56:29.111933 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
17:56:29.112208 IP 10.0.5.16.123 > 71.10.124.9.63008: NTPv4, Server, length 48
17:56:30.120690 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
17:56:30.120928 IP 10.0.5.16.123 > 71.10.124.9.63008: NTPv4, Server, length 48
17:56:31.110731 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
17:56:31.110941 IP 10.0.5.16.123 > 71.10.124.9.63008: NTPv4, Server, length 48
17:56:32.114356 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
17:56:32.114586 IP 10.0.5.16.123 > 71.10.124.9.63008: NTPv4, Server, length 48
17:56:33.127921 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
17:56:33.128120 IP 10.0.5.16.123 > 71.10.124.9.63008: NTPv4, Server, length 48
17:56:35.112621 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
17:56:35.112832 IP 10.0.5.16.123 > 71.10.124.9.63008: NTPv4, Server, length 48
17:56:36.132571 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
17:56:36.132809 IP 10.0.5.16.123 > 71.10.124.9.63008: NTPv4, Server, length 48
17:56:38.117865 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
17:56:38.122941 IP 10.0.5.16.123 > 71.10.124.9.63008: NTPv4, Server, length 48
17:56:39.112849 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
17:56:39.117330 IP 10.0.5.16.123 > 71.10.124.9.63008: NTPv4, Server, length 48


What am I missing?  What exactly do the "average" and "minimum" options to
"limited" mean?  I think I know, but the wording is a little confusing
to me.
-- 
Kirk Strauser
The Strauser Group
Open. Solutions. Simple.
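
An added example, not part of the original post: a small Python script that parses tcpdump output in the format shown above and reports each client's smallest and mean request spacing against two thresholds. The 2 s and 5 s defaults are assumed values for illustration, the sample lines are a constructed excerpt of the capture, and the function names are hypothetical; it measures the traffic and does not reproduce ntpd's internal rate accounting.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt of the capture shown in the post.
SAMPLE = """\
17:56:26.109620 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
17:56:26.109842 IP 10.0.5.16.123 > 71.10.124.9.63008: NTPv4, Server, length 48
17:56:29.111933 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
17:56:30.120690 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
17:56:31.110731 IP 71.10.124.9.63008 > 10.0.5.16.123: NTPv4, Client, length 48
"""

# Matches only client requests sent to UDP port 123; captures time and source IP.
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"\d+\.\d+\.\d+\.\d+\.123: NTPv\d, Client,"
)

def client_gaps(capture):
    """Map each client IP to the list of gaps (seconds) between its requests."""
    last, gaps = {}, defaultdict(list)
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # server replies and tcpdump banner lines
        h, mi, s, ip = int(m[1]), int(m[2]), float(m[3]), m[4]
        t = h * 3600 + mi * 60 + s
        if ip in last:
            gaps[ip].append((t - last[ip]) % 86400)  # tolerate midnight wrap
        last[ip] = t
    return dict(gaps)

def over_limit(capture, minimum=2.0, average=5.0):
    """Return {ip: (smallest_gap, mean_gap)} for clients under either spacing.

    The default thresholds are assumed values, not read from any ntp.conf.
    """
    out = {}
    for ip, g in client_gaps(capture).items():
        lo, mean = min(g), sum(g) / len(g)
        if lo < minimum or mean < average:
            out[ip] = (round(lo, 3), round(mean, 3))
    return out

if __name__ == "__main__":
    for ip, (lo, mean) in over_limit(SAMPLE).items():
        print(f"{ip}: smallest gap {lo}s, mean gap {mean}s")
```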