Ask Bjørn Hansen wrote:
> On Oct 3, 2007, at 7:50, Nelson Minar wrote:
>> I was surprised by this behaviour; I'd assumed the abusive clients were
>> so insane they wouldn't even notice if the server was up. [....]
>
> That's interesting. Maybe there's a useful "kill the idiot clients"
> mechanism somewhere in there -- use firewall rules to turn the ntp
> service off for 10 seconds every few hours for the bad clients. If
> the bad clients get worse then it'll be back shortly. If they notice
> then they'll be gone by then...

That could be a good strategy. Recently I noticed two abusers on my
system, that queried every 2-3 seconds.
I put a deny in my firewall and noticed they immediately disappeared
when receiving no reply. The firewall counter did not increase above 2
or 3.
But as you know, it is not good to just deny any perceived abuser, as
some bad clients respond to blocking by increasing the poll rate :-(
Blocking for some time (10 seconds to a minute) could be very good.
Rob
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
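
An added sketch of the time-limited blocking discussed in this thread, not code from any of the posters: it flags clients by their mean query interval and holds each block for a fixed time so the deny lapses on its own. The thresholds, the `TempBlocklist` name, and the sample addresses and timestamps are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (unix_seconds, client_ip) for NTP requests seen by a server.
SAMPLE_QUERIES = (
    [(t, "192.0.2.10") for t in range(0, 20, 2)]        # one query every 2 s
    + [(t, "198.51.100.7") for t in range(0, 320, 64)]  # one query every 64 s
    + [(3, "203.0.113.5"), (4, "203.0.113.5")]          # too few queries to judge
)

ABUSE_INTERVAL = 5.0  # assumed: a mean gap below this many seconds is abusive
MIN_QUERIES = 5       # assumed: do not judge a client on fewer queries
BLOCK_SECONDS = 30    # inside the 10 s to 1 min range suggested in the thread


def find_abusers(queries, max_interval=ABUSE_INTERVAL, min_queries=MIN_QUERIES):
    """Return {ip: mean_gap_seconds} for clients polling faster than max_interval."""
    seen = defaultdict(list)
    for ts, ip in queries:
        seen[ip].append(ts)
    abusers = {}
    for ip, times in seen.items():
        if len(times) < min_queries:
            continue
        times.sort()
        mean_gap = (times[-1] - times[0]) / (len(times) - 1)
        if mean_gap < max_interval:
            abusers[ip] = mean_gap
    return abusers


class TempBlocklist:
    """Deny list whose entries expire, so a client is never blocked for good."""

    def __init__(self, block_seconds=BLOCK_SECONDS):
        self.block_seconds = block_seconds
        self.until = {}  # ip -> time at which the block lapses

    def block(self, ip, now):
        self.until[ip] = now + self.block_seconds

    def allows(self, ip, now):
        expiry = self.until.get(ip)
        if expiry is not None and now >= expiry:
            del self.until[ip]  # block lapsed; the client is served again
            return True
        return expiry is None


if __name__ == "__main__":
    blocklist = TempBlocklist()
    for ip, gap in find_abusers(SAMPLE_QUERIES).items():
        blocklist.block(ip, now=20)
        print(f"{ip}: mean gap {gap:.1f}s, blocked until t={blocklist.until[ip]}")
```

Running detection again after a block lapses catches a client that came back at a higher rate, while one that went away needs no further rule.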