Hi list. I've been doing some work on a less computationally-intensive way of detecting and dealing with ntp hogs. Suitable for linux only. To quote from the README (sorry about the length):
......

How conntrack works
-------------------

There are two scripts in the implementation.

1. Data collection (conntracka) is run quite often -- I run it every minute. Its job is to single out common users of ntp over an hour by reading the /proc/net/ip_conntrack file and extracting all ips with udp 'connections' pointing at port 123. This is then used to update a database of pairs consisting of the ip and a count which represents 'recent appearances' in ip_conntrack. Each count is reduced by a proportion every run, and an appearance in ip_conntrack causes an addition to the count. IPs having a count greater than some threshold are written to a file read by the second script.

2. The action script (conntrackb) is run every hour. It is concerned with two iptables chains:

   ntp-rate contains rules to accumulate the number of hits from the specified ip. This is a testing arena for candidates to bozohood.

   ntp-filter contains rules which filter out known bozos by dropping all their ntp requests. On the other hand, if the bozo is actually an ex-bozo based on the number of drops over the previous hour then his rule is deleted.

The processing summary is:

1. Delete ntp-filter rules for ex-bozos
2. Create ntp-filter rules for new bozos, verified in ntp-rate
3. Clear ntp-rate and add ntp-rate rules for all hyperactive candidates detected by conntracka.
4. Zero the counts in ntp-filter.

......

Thanks for reading. Downloadable at http://www.penninespringmusic.co.uk/rich/software/conntrack.tgz

Any feedback would be much appreciated.

--
Richard A Leach | Why look through windows when you can walk through gates?
The great little festival -- http://www.PennineSpringMusic.co.uk
A Centre of Excellence for Domestic Information Technology Solutions
5344.9735,N,00201.2268,W,263.0
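
The decaying 'recent appearances' count that the README describes for conntracka, as an added example that is not taken from the conntrack tarball and was not written by the poster. The decay proportion, increment, threshold and pruning floor are assumed values, the function names are hypothetical, and the sample ip_conntrack lines are constructed.

```python
# Added illustration; DECAY, HIT, THRESHOLD and PRUNE are assumed values.
DECAY = 0.1       # proportion removed from every count on each run
HIT = 1.0         # amount added when an IP appears in ip_conntrack
THRESHOLD = 5.0   # counts above this are reported as candidates
PRUNE = 0.01      # forget IPs whose count has decayed to almost nothing

def ntp_clients(conntrack_text):
    """Return the set of source IPs with a udp entry aimed at port 123."""
    clients = set()
    for line in conntrack_text.splitlines():
        fields = line.split()
        if not fields or fields[0] != "udp":
            continue
        src = dport = None
        # The first src=/dport= pair is the original (client -> server) direction;
        # the second pair on the line is the expected reply and is ignored.
        for field in fields:
            if src is None and field.startswith("src="):
                src = field[4:]
            elif dport is None and field.startswith("dport="):
                dport = field[6:]
        if src and dport == "123":
            clients.add(src)
    return clients

def update_counts(counts, seen):
    """One run: decay every count, then credit each IP seen this run."""
    updated = {ip: c * (1.0 - DECAY) for ip, c in counts.items()}
    for ip in seen:
        updated[ip] = updated.get(ip, 0.0) + HIT
    return {ip: c for ip, c in updated.items() if c >= PRUNE}

def candidates(counts):
    """IPs whose 'recent appearances' count exceeds the threshold."""
    return sorted(ip for ip, c in counts.items() if c > THRESHOLD)

# Constructed sample lines in the /proc/net/ip_conntrack layout.
SAMPLE = """\
udp      17 28 src=192.0.2.10 dst=198.51.100.1 sport=123 dport=123 src=198.51.100.1 dst=192.0.2.10 sport=123 dport=123 use=1
udp      17 12 src=192.0.2.77 dst=198.51.100.1 sport=40112 dport=53 src=198.51.100.1 dst=192.0.2.77 sport=53 dport=40112 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.5 dst=198.51.100.1 sport=51000 dport=22 src=198.51.100.1 dst=192.0.2.5 sport=22 dport=51000 [ASSURED] use=1
udp      17 5 src=203.0.113.9 dst=198.51.100.1 sport=33001 dport=123 [UNREPLIED] src=198.51.100.1 dst=203.0.113.9 sport=123 dport=33001 use=1
"""

if __name__ == "__main__":
    counts = update_counts({}, ntp_clients(SAMPLE))
    print(counts, candidates(counts))
```

With these assumed values a client present in every run settles at a count of HIT / DECAY = 10, while one that appears once decays away, so the threshold separates persistent clients from occasional ones without any per-packet accounting.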
