(Seems like this msg. didn't make it to the list - my follow-up and a reply to the follow-up arrived but this msg. didn't, so trying again)
Hi,

I’ve recently set up an ntp-server (ntp.vlh.dk) and added it to the pool, and besides an alarming offset of about 400ms recently (http://stats.vlh.dk) it seems to be working quite well.

I’ve then started collecting some stats using the script found here: http://www.schlitt.net/scripts/ntp/

This revealed something that I surely didn’t expect to see. The server itself (10.0.1.1) is listed as the top-requesting client, producing about 25% of the total requests – I’m sure that’s not meant to be so, or am I wrong? Closely followed by a server producing ~20% of the requests – I’m not troubled by the amount of traffic created (as of now anyway ☺), but I might investigate methods to block heavy abusers. (Btw, the rate in the stats is requests per second?)

What are my options for auto-ignoring clients that go below i.e. 30 secs (what’s the ‘standard’ value)?

Below is a snippet of the stats collected by the scripts:

Estimated active ntp pool clients:      550
Estimated abusive ntp pool clients:     14
Estimated inactive ntp pool clients:    34277
Total ntp pool clients being tracked:   34827

Note: NTP is a stateless and connectionless (UDP based) protocol, so exact numbers can't be determined.

1374759 ntp requests, in total, have been seen since 12/02/06 18:53:47
349846 (25.4%) are from clients that are still active.

Long term request rate:  0.123 seconds between requests (8.13 req/sec)
Long term bandwidth in:  0.604 KBytes/s   4.829 Kbits/s
Long term bandwidth in:  1.492 GB/month  11.938 Gb/month

Current request rate:    0.268 seconds between requests (3.73 req/sec)
Current bandwidth in:    0.277 KBytes/s   2.215 Kbits/s
Current bandwidth in:    0.684 GB/month   5.474 Gb/month

(NTP packets are usually 76 bytes, UDP overhead included, in each direction.)

The dump file was written 14 seconds ago, at 12/04/06 17:50:51

Subnets with many clients:

# of                    Total   Aggregate   Abusive
IPs    Subnet           Count   Rate        Clients
  5    195.137.237.x      392   216.341           0

Clients with rapid updates (min requests of 100):

Rank  First Seen         Client IP        Requests   Rate   Usage     Cumulative
   1  12/02/06 18:53:47  10.0.1.1            87104   1.30   24.90%    24.90%  * !
   2  12/03/06 06:18:17  85.214.39.135       65143   1.90   18.62%    43.52%  * !
   3  12/02/06 18:54:02  130.226.165.136     19156   8.54    5.48%    48.99%  * !
   4  12/02/06 18:53:54  63.72.140.8         10411  16.01    2.98%    51.97%  * !
   5  12/02/06 18:55:15  69.140.110.134       9483  16.01  ( 2.64%)
   6  12/02/06 18:54:03  89.233.255.59        8651  13.92    2.47%    54.44%  * !
   7  12/02/06 18:53:57  83.92.234.227        7315  28.04    2.09%    56.53%  * !
   8  12/04/06 09:50:01  82.242.97.173        6398   3.70    1.83%    58.36%  * !
   9  12/03/06 08:57:08  81.29.64.229         6216  31.81    1.78%    60.14%  * !
  10  12/02/06 18:54:13  200.55.209.18        5507  30.35    1.57%    61.71%  *
  11  12/02/06 18:54:10  88.160.185.2         5481  30.10    1.57%    63.28%  *
  12  12/02/06 20:48:37  83.151.37.122        4991  30.03  ( 1.41%)
  13  12/04/06 09:50:01  62.212.122.131       4809   5.07    1.37%    64.65%  * !
  14  12/02/06 18:54:03  87.198.194.50        4276  25.57    1.22%    65.88%  *
  15  12/03/06 03:27:38  69.49.140.70         3214  41.62    0.92%    66.80%  *
  16  12/03/06 03:54:11  74.225.41.189        3117  52.58    0.89%    67.69%  *
  17  12/03/06 21:18:14  85.24.138.175        2253  32.09    0.64%    68.33%  *
  18  12/04/06 12:05:48  212.239.176.86       2093   9.50    0.60%    68.93%  * !
  19  12/03/06 20:37:07  87.225.240.22        1759  43.44    0.50%    69.43%  *
  20  12/04/06 09:32:49  82.70.125.166        1647  16.02    0.47%    69.90%  * !
  21  12/04/06 09:42:00  83.169.161.142       1305  35.72    0.37%    70.28%  * !
  22  12/04/06 12:23:52  85.235.252.105       1038  14.78    0.30%    70.57%  * !
  23  12/04/06 09:37:23  63.105.27.11          952  30.38    0.27%    70.84%  *
  24  12/04/06 09:48:49  125.238.1.68          810  32.24    0.23%    71.08%  *
  25  12/04/06 09:54:52  24.108.189.82         809  15.34  ( 0.23%)
  26  12/04/06 09:28:03  213.87.86.60          640  39.77  ( 0.18%)
  27  12/03/06 22:14:25  80.63.183.2           498  16.39  ( 0.14%)
  28  12/04/06 09:38:35  196.33.246.18         494  42.38  ( 0.14%)
  29  12/04/06 13:26:32  84.61.171.147         487  31.94    0.14%    71.21%  *
  30  12/04/06 14:48:54  217.148.122.38        469   4.60  ( 0.13%)
  31  12/04/06 15:05:18  212.65.243.107        442  15.93    0.13%    71.34%  * !
  32  12/04/06 15:15:06  88.232.120.17         414   1.59  ( 0.12%)
  33  12/04/06 10:34:43  140.78.96.30          380  32.02  ( 0.11%)
  34  12/04/06 07:53:17  83.151.156.92         377   7.91  ( 0.11%)
  35  12/04/06 15:16:44  85.99.54.121          369   2.16  ( 0.11%)
  36  12/04/06 07:40:13  192.38.227.98         365  15.95  ( 0.10%)
  37  12/04/06 14:58:11  85.104.80.125         264   2.61  ( 0.08%)
  38  12/04/06 16:16:58  130.226.31.81         231   5.08  ( 0.07%)
  39  12/04/06 14:56:04  194.29.45.157         165  13.46  ( 0.05%)
  40  12/04/06 15:05:22  86.135.163.244        162  14.60  ( 0.05%)
  41  12/04/06 15:12:08  84.186.91.234         137  16.52  ( 0.04%)
  42  12/04/06 15:17:18  193.68.24.46          117  20.57  ( 0.03%)
  43  12/04/06 14:42:34  217.148.123.27        100  23.46  ( 0.03%)

* = "active" = probably will send another request.
! = "abusive" = min requests of 100 and an average rate of less than 30s between requests over the life of the entire connection.

-erialor
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
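An added example, not part of the original post or of the stats script it uses: a parser for the "Clients with rapid updates" rows that applies the legend's rule (at least 100 requests, average under 30 s between requests) and keeps private addresses such as the server's own 10.0.1.1 out of any ignore list. It assumes the Rate column is the average number of seconds between requests; the function and key names are hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass

# Rows copied from the "Clients with rapid updates" table in the post above.
SAMPLE = """\
1 12/02/06 18:53:47 10.0.1.1 87104 1.30 24.90% 24.90% * !
2 12/03/06 06:18:17 85.214.39.135 65143 1.90 18.62% 43.52% * !
5 12/02/06 18:55:15 69.140.110.134 9483 16.01 ( 2.64%)
7 12/02/06 18:53:57 83.92.234.227 7315 28.04 2.09% 56.53% * !
10 12/02/06 18:54:13 200.55.209.18 5507 30.35 1.57% 61.71% *
12 12/02/06 20:48:37 83.151.37.122 4991 30.03 ( 1.41%)
"""

ROW = re.compile(
    r"^\s*(?P<rank>\d+)\s+(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<ip>\S+)\s+"
    r"(?P<requests>\d+)\s+(?P<rate>\d+\.\d+)\s+(?P<rest>.*)$")

@dataclass
class Client:
    ip: str
    requests: int
    rate: float    # assumption: average seconds between requests
    active: bool   # "*" printed by the script
    flagged: bool  # "!" printed by the script

def parse(text):
    clients = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # headers, legend and blank lines do not match
            flags = m["rest"].split()
            clients.append(Client(m["ip"], int(m["requests"]),
                                  float(m["rate"]), "*" in flags, "!" in flags))
    return clients

def meets_rule(c, min_requests=100, min_interval=30.0):
    # The legend's definition of "abusive", applied to any row.
    return c.requests >= min_requests and c.rate < min_interval

def triage(clients):
    # Split fast pollers into local addresses, active remotes, inactive remotes.
    out = {"local": [], "active_fast": [], "inactive_fast": []}
    for c in (c for c in clients if meets_rule(c)):
        if ipaddress.ip_address(c.ip).is_private:
            key = "local"
        else:
            key = "active_fast" if c.active else "inactive_fast"
        out[key].append(c.ip)
    return out
```

On these rows the script's "!" flag agrees with the rule only for active clients; inactive clients that meet the same thresholds are printed without it.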
