[Top-posting and no-trimming damage repaird manually] >>> I want to ban flooders, but i don't want to ban the monitor servers >> If you ban the monitoring IPs your banning logic is being way too >> aggressive. > I asked for monitoring IPs for EXCLUDE them from auto-ban script :)
I think the point is that if you need to exclude the monitoring's IP from getting auto-banned, then your auto-banning logic is being far too aggressive. That is, that the level of traffic from the monitoring will not trip any reasonable level of flood detection. Indeed, based on the data I see from the monitoring system for my own server's IP, the monitoring servers check me somewhere between 50 and 53 times per day (v4) or either 93 or 94 times per day (v6). Normal NTP client use starts at one query every 64 seconds (1350 per day) and ratchets back, eventually reaching 1024 seconds (84.375 per day); even 94 times per day is well within this range. Ban the monitoring system for flooding and you will also ban a substantial fraction of legitimate NTP clients. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML [email protected] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
