Hello. I have recently seen a constant rate of 21k ntp monlist requests / minute (for about 2 days). The replies could easily saturate a 100 Mbps line if not limited, so I encourage you to use rate limiting.
My current policy for limiting requests is 20 / minute for a single IP, which should be enough even for clients behind NAT. I'm using a combination of 'limited kod' with more permissive 'discard' values and iptables with the recent module. (Monlist and limiting have been discussed here last year - http://lists.ntp.org/pipermail/pool/2011-December/date.html )

Matej Snoha

On Wed, Jun 13, 2012 at 4:44 PM, Fabian Wenk <[email protected]> wrote:
> Hello Timothy
>
> On 12.06.2012 04:29, Timothy Oefelein wrote:
>
>> 2) Do any of you use the limit and/or kod options in your config? I've
>> noted some really obnoxious clients (bursts of 20+ queries at a time,
>> every minute or so) hitting my servers in the past and wondered if any
>> of the other pool admins take proactive steps against such clients.
>
> I also have set limited and kod in the restrict default lines. It already
> helped once with a flood of requests and massively reduced the number of
> answers from my server. Currently it is still visible in the Monthly (Week
> 20) and Yearly (May) graph on [1]. When I checked with tcpdump during the
> lower level, in 2 minutes I counted 303 requests, but only 13 answers.
>
> [1] http://www.home4u.ch/ntp/ntp2.home4u.ch.html
>
> As these requests are UDP, the sending IP address could also be faked.
> Answering all these requests could hurt an innocent third party from your
> server, so limiting is a very good idea.
>
> bye
> Fabian
>
> _______________________________________________
> pool mailing list
> [email protected]
> http://lists.ntp.org/listinfo/pool
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
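The thread describes two things an operator wants to do: tell monlist (ntpdc mode 7) requests apart from ordinary client polls in a capture, and apply a per-source budget like the 20-per-minute iptables recent rule above. The following is an added example, not code from the list or from ntpd; it parses the mode-7 request header from constructed packet bytes and simulates the per-IP sliding window so the answered/dropped ratio can be checked offline.

```python
"""Flag NTP mode-7 monlist requests and apply a per-source 20-per-minute budget."""
from collections import defaultdict, deque

MODE_PRIVATE = 7               # NTP mode 7: ntpd's private (ntpdc) protocol
IMPL_XNTPD = 3                 # implementation number used by ntpd/ntpdc
MONLIST_REQ_CODES = {20, 42}   # MON_GETLIST, MON_GETLIST_1 (ntpdc "monlist")


def is_monlist_request(payload: bytes) -> bool:
    """True if the UDP payload is a mode-7 *request* carrying a monlist request code."""
    if len(payload) < 8:               # mode-7 header is 8 bytes
        return False
    rm_vn_mode, _auth_seq, implementation, req_code = payload[:4]
    if rm_vn_mode & 0x80:              # response bit set: a reply, not a request
        return False
    if (rm_vn_mode & 0x07) != MODE_PRIVATE:
        return False
    return implementation == IMPL_XNTPD and req_code in MONLIST_REQ_CODES


class PerSourceLimiter:
    """Sliding-window budget per source IP (like iptables -m recent --seconds/--hitcount)."""
    def __init__(self, hitcount: int = 20, seconds: int = 60):
        self.hitcount, self.seconds = hitcount, seconds
        self.seen = defaultdict(deque)

    def allow(self, src: str, now: float) -> bool:
        q = self.seen[src]
        while q and now - q[0] >= self.seconds:   # expire hits older than the window
            q.popleft()
        if len(q) >= self.hitcount:
            return False
        q.append(now)
        return True


def triage(packets, limiter=None):
    """packets: iterable of (timestamp, src_ip, payload). Returns monlist counters."""
    limiter = limiter or PerSourceLimiter()
    stats = {"monlist_seen": 0, "answered": 0, "dropped": 0}
    for ts, src, payload in packets:
        if not is_monlist_request(payload):
            continue                   # normal client polls are never budgeted here
        stats["monlist_seen"] += 1
        stats["answered" if limiter.allow(src, ts) else "dropped"] += 1
    return stats


# Constructed sample traffic (not captured from any list member's server):
MONLIST = bytes([0x17, 0x00, IMPL_XNTPD, 42]) + b"\x00" * 4   # mode 7, MON_GETLIST_1
SNTP_CLIENT = bytes([0x23]) + b"\x00" * 47                    # ordinary mode-3 client poll
SAMPLE = [(t, "198.51.100.7", MONLIST) for t in range(0, 60, 2)] + [(5, "203.0.113.9", SNTP_CLIENT)]
```

Running `triage(SAMPLE)` answers the first 20 monlist requests from 198.51.100.7 and drops the remaining 10 inside the 60-second window, while the mode-3 poll is left alone.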
