Matt Wagner wrote:
On Mon, Dec 16, 2013 at 2:14 AM, Michael Rathbun <[email protected]> wrote:
>
> 64.61.140.162: total: 11328 avgint: 1
>
> hmm...
I used to get a bunch of these. I'm not quite sure what causes it, but it's annoying.

Some might have been a bunch of people using NAT, but in other cases it looked like it was a single client querying me once a second.

I used to pretty aggressively seek these things out and block them in iptables, but I eventually concluded that it was pointless.

I think it is a badly written client that behaves like this (sending a request every second) when it does not get a reply. It may be that your replies (and probably everyone's replies) are blocked by a wrongly configured firewall at his end, and the client infinitely re-tries.

I have seen this behaviour back when I was still running a pool server on IPv4. I enabled rate-limiting and KOD that caused clients polling once every 15 seconds or more often, and found that as a result I got some clients that polled every second. Resetting the blocks made them stop doing that. Apparently the rate-limiting mistriggered (maybe because of an initial burst?), KOD was not implemented, and the fact that I ignored the polls just made them send more often.

I concluded that filtering, rate-limiting and KOD are not suitable mechanisms to fend off badly written or badly configured clients.

Right now I only run an IPv6 pool server, and I don't see this problem now. Probably there are not so many badly written NTP clients that support IPv6. At least for now.

Rob
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
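
A toy model of the behaviour described in the reply above, as an added example that is not part of the original message and not the code of any NTP implementation: a client that retries every second when it gets no reply, facing a limiter that silently drops polls arriving less than 15 seconds after the previous one. The start-up burst, the 64-second normal poll interval and the limiter's bookkeeping (it compares against the last poll seen, answered or not) are assumptions.

```python
"""Toy model: retry-on-silence NTP client versus a drop-based rate limiter."""

MIN_INTERVAL = 15  # assumed: polls closer together than this are dropped
NORMAL_POLL = 64   # assumed: client's normal poll interval, in seconds
RETRY = 1          # assumed: client retries 1 s after an unanswered poll
BURST = 4          # assumed: start-up burst of 4 polls sent 2 s apart


def simulate(duration, reset_at=None, burst=BURST):
    """Return (polls_received, replies_sent) for one client over `duration` s.

    The limiter compares each poll with the previous poll from the same
    source, answered or not, so ignored retries keep the block alive.
    `reset_at` models the operator clearing the limiter state at that time.
    """
    t, last_seen, polls, replies = 0, None, 0, 0
    burst_left, reset_done = burst, False
    while t < duration:
        if reset_at is not None and not reset_done and t >= reset_at:
            last_seen, reset_done = None, True   # block cleared by operator
        polls += 1
        answered = last_seen is None or t - last_seen >= MIN_INTERVAL
        last_seen = t
        if answered:
            replies += 1
        if burst_left > 1:       # still inside the start-up burst
            burst_left -= 1
            t += 2
        elif answered:           # got a reply: back to the normal interval
            t += NORMAL_POLL
        else:                    # silence: the client retries right away
            t += RETRY
    return polls, replies


if __name__ == "__main__":
    for label, kwargs in [("burst, block never cleared", {}),
                          ("burst, block cleared at 600 s", {"reset_at": 600}),
                          ("no burst, limiter never trips", {"burst": 1})]:
        polls, replies = simulate(3600, **kwargs)
        print(f"{label}: {polls} polls received, {replies} replies sent")
```

In this model the dropped client costs the server roughly sixty times as many inbound packets per hour as the same client left unblocked, and clearing the block returns it to the normal interval.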