[ntp:questions] Very rapid polling

Rob nomail at example.com
Wed Feb 25 18:12:31 UTC 2009


jlevine <jlevine at boulder.nist.gov> wrote:
>    2. Sending any reply at all doubles the network traffic and makes
> an
> attack more effective. Therefore, all of the NIST servers log the
> event and
> the source ip but do not respond. I think it is not appropriate for a
> national
> timing laboratory to knowingly send the wrong time.

While that is certainly true, you should be aware that malbehaving NTP
clients do exist that handle the problem of not receiving a reply by
sending the request more often.

I.e. by not replying to rapidly polling clients, you make them poll more
rapidly.  Apparently they think the problem of packetloss in the network
is best handled by sending more traffic.  :-(




More information about the questions mailing list