On Apr 16, 2007, at 12:04 PM, Jeffrey Goldberg wrote: >> It's not very helpful to CC: every NTP abuse report to the >> timekeepers mailing list, especially for the initial contacts. > > OK. I didn't know what the convention was. I only recently > started copying to the list after I noticed that someone else did. > But that may have been a special case.
Perhaps. It might be useful to seek more feedback from others on the list as to what they'd find useful-- I've already put my two cents in, so I won't repeat my position. :-) [ ... ] >> I generally don't worry too much about IPs with less than 1 >> million queries-- that's about equivalent to downloading a single >> big file... > > I see my effort as more pedagogical than actually defending my > network resources. So I don't have any particular cut off, but > just go after that top two or three when I go through my logs. That works for me, too. You might find it helpful to publish your network's policy what acceptable use of your NTP servers actually is in terms of a rate on the page you email to people, perhaps along with a pointer to your NTP stats page(s). You might want to put this info at the very top, so that people don't have to wander through a description of NTP itself to figure out what you consider to be a problem. Or perhaps link to the NTP.org's "rules of engagement" page, or the NTP abuse/vandalism page here: http://en.wikipedia.org/wiki/NTP_Vandalism Anyway, at least at the moment, my servers actually don't have any significant abusers, even though I've got about 5000 active clients: http://pi.codefab.com/ntpstats/ntp_stats.txt ...when the top consumer is using less than 3% of the aggregate bandwidth, all is well. It's when the top consumer is 20-40% that you've got a real abusive client. Of course, opinions vary-- add salt to taste. -- -Chuck _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
