On Sat, 28 Jan 2006 16:03:55 +0000, Tony Hoyle <[EMAIL PROTECTED]> wrote:
>I'm seeing a number of 'abusive' clients, although it's not too bad
>(only 3 at <5 second intervals so at the moment) - I was wondering
>about automating a script to firewall the offenders.
>
>However, since UDP is a connectionless protocol it seems to me it
>wouldn't achieve a lot (since server load isn't an issue on that box).
>The packet has already taken up bandwidth to get to me.. All I'd be
>saving is the reply packet - is it worth it? What have others done?
>
>Tony

Filtering at my _firewall_ (not by ntpq -c monlist) and triggering at >450 queries an hour saves me 30% of my outbound traffic - which is useful as I am on ADSL.

Fri Jan 27 06:25:01 GMT 2006
955K 73M ntp-filter-in udp dpt:123
595K 46M ntp-filter-out udp spt:123
Sat Jan 28 06:25:02 GMT 2006
869K 66M ntp-filter-in udp dpt:123
560K 43M ntp-filter-out udp spt:123

Worst abuser so far in my logs (1 off - not seen since) - Tue Nov 1 04:54:29 2005 - 61.229.xxx.xxx averaged 67650 pkt/hr (sent 451 pkts in 24 seconds).

On average I block about 15-20 addresses.

best regards
Dave
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
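
Added example, not part of the original message or of either poster's setup: a per-source sliding-window counter that flags any address sending more than 450 NTP queries within an hour, the trigger described in the reply above. The (timestamp, source) input format, the function names and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 3600   # one hour, the interval used in the message
THRESHOLD = 450   # flag a source once it exceeds 450 queries per hour


def find_offenders(packets, window_s=WINDOW_S, threshold=THRESHOLD):
    """packets: time-ordered iterable of (unix_time, src_ip) for UDP dpt:123.

    Returns {src_ip: time at which the source first exceeded the threshold
    inside a sliding window of window_s seconds}.
    """
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    flagged = {}
    for ts, src in packets:
        q = recent[src]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while q and q[0] <= ts - window_s:
            q.popleft()
        if len(q) > threshold and src not in flagged:
            flagged[src] = ts
    return flagged


def hourly_rate(count, seconds):
    """Extrapolate a burst to packets per hour, as the message does."""
    return count * 3600 / seconds


def sample_packets():
    """Constructed sample: one steady client and one burst sender."""
    # Steady client polling every 64 s for two hours (documentation address).
    pkts = [(t, "192.0.2.10") for t in range(0, 7200, 64)]
    # Burst sender: 451 packets spread over 24 s, the figures from the message.
    pkts += [(1000 + i * 24 / 451, "198.51.100.7") for i in range(451)]
    return sorted(pkts)


if __name__ == "__main__":
    for src, ts in find_offenders(sample_packets()).items():
        print(f"block {src}: exceeded {THRESHOLD}/h at t={ts:.1f}s")
    print(f"burst rate: {hourly_rate(451, 24):.0f} pkt/hr")
```

The returned addresses are what a script would hand to the firewall's block list; expiring entries after a quiet period keeps that list near the 15-20 addresses mentioned above.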
