On Dec 30, 2013, at 23:41, Arnold Schekkerman <[email protected]> wrote:
> Is it possible for the tool to reduce the score and get server operators e-mailed
> that way? I visit the management page very little, but I do act on pool warning
> e-mails I receive.

You don't get an email until the server has already been removed from the pool and I'm not sure it is (yet?) the right response to remove those servers from the pool.

I considered some variations like making the servers with this problem get kicked out more easily in case of problems or very slowly have their score decrease, but there are disadvantages (mostly related to unpredictability) with those approaches and no advantages over just emailing and (eventually) just making "failing" this test disable the server in the pool system.

For what it's worth: So far I haven't seen any indications that the attackers are using 'pool.ntp.org' to find servers for the reflection attack. Of the people who've (privately) written to me many (most?) have said the attacked server was not in the pool so I think the attackers just scanned the internet to find IPs.

I have some more information on this that I can't disclose, but I'm confident that the number of "open for reflection" servers in the NTP Pool is a very minor part of the problem overall (and also that compared to all the others then we have a clear path to get it sorted because for starters we have some contact information for those IPs that's more relevant than whatever is in whois).

Ask

_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
