Zitat von Vasil Kolev <[email protected]>:
? 15:23 -0700 ?? 21.09.2011 (??), Chuck Swiger ??????:
> 217.112.22.131 5778 Banned
> 92.127.155.117 1902 Warning
> 91.204.179.75 411 Warning
> 93.185.151.139 406 Warning
[ ... ]
> 89.185.66.122 110 Warning
110 queries per day is one every ~800 seconds.
That's not very different from the standard maxpoll of 10 aka every
1024 seconds. Only the first two entries ought to qualify as
potentially abusive. The real problems aren't from someone polling
every 500 seconds, or even every minute-- it's the folks sending a
query every second because their config or firewall is busted.
This might already be answered somewhere in a FAQ, but, why is even that
too much? The NTP traffic I see never goes over 5-6 kbps, and the daemon
should be able to handle at least 20 times more than that. So, is there
a reason to ban anyone who isn't sending something like 100pps?
The only real abuser i have seen in the past year donating to the pool
was some IP address flooding ntp with around 500...1000pps. I have
noticed it because ntp was taking around 5%-8% CPU power all the time
on a small VPS. After blocking the offender it took an other 1.2GB
dropped traffic until it stopped.
After that i used ipt_recent to block offenders trying more than 4pps.
Regards
Andreas
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
