On Mar 29, 2007, at 3:25 AM, [EMAIL PROTECTED] wrote: > I have now [...] implemented the poorly-documented > kod and limit settings (can these be recommended, or at least > suggested on > the project webpage? They are not mentioned in any of the HOWTOs that > I used when setting up ntp)
As someone else mentioned, it is not entirely clear whether the rate limiting actually helps or makes matters worse. Since the problem that you and others are experiencing are with the number of incoming packets, the rate limiting will only do what we want if clients behave appropriately when they don't get a response or get a kod. But it's been claimed (I don't know the details) that some clients will just try harder to reach you if they find you unreachable. If this is true, the rate limiting that I mentioned in my previous post can actually make matters worse. I'm still keeping it in. I think that a lot of "abuse" comes from having large private networks all querying the pool, instead of setting up a local ntp server of their own. In that case, rate limiting should work at reducing incoming traffic. But all of this is speculation. If someone has done research on the nature of the abusive clients, a pointer to it would be welcome. Anyway, I will update my rant about ntp abuse to discuss the real damage that it does to some network configurations. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/ _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
