Jeffrey Goldberg wrote: > Well, I'm absolutely flabbergasted by the abusive clients. I'd like > some understanding of what's behind it and what people do about it. > > It don't see anything to gain by being deliberately abuse. You don't > gain anything by sending out a request 5 times per second. As > annoying as it is, there is little chance of doing any noticeable > vandalism. So my guess is that it is accidental. But how could > someone accidentally configure a client to just keep making requests. > I think that most abuse is just ignorance. There are some different ways of getting high rate of queries from a single IP:
1. a lot of systems behind a NAT router. each system is configured to use the pool. when all of the systems are powered up at about the same time (e.g. after a power failure or an automated hotfix installation), all of the systems get the same DNS reply when starting their NTP daemon and they all query the same set of timeservers. You get a high polling rate from a single IP, but in fact there are different systems. This can sometimes be noticed when checking the source port number. 2. a firewall that suppresses your reply, combined with a broken client. some clients start polling once per second when they don't get a reply. sometimes people have a firewall that rejects the returned UDP packet from your server (I even get "ICMP administratively blocked" sent to my system sometimes) and their client increases the poll rate without ever getting in sync. 3. outright broken config files from persons who believe that fast polling is better or that bursting is the way to go. this is more towards vandalism rather than ignorance, but it could be caused by not reading the documentation and guessing what certain options will do (possibly after someone used a user-frienly admin GUI to generate the config file, and bursting is just a checkmark) Of course people don't gain by this behaviour. Either they lose, or they get no gain. However, many admins don't monitor their systems and they just don't know that something is wrong or sub-optimal. The big problem is that there is no way to get in contact with the responsible person, so you will just have to live with the situation. Rob _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
