On Monday 30 August 2010 1:12:20 pm Scott Baker wrote: > What's the best way to deal with a bad NTP client? My server was getting > 4000 requests every 5 seconds from a 65.99.214.245. The box was able to > handle it fine, but my firewalls were having a problem handling that > many packets. > > I was able to block that IP at our upstream router. Is there a better > way (with NTPd) to block something like that? :::snip packet summaries::: I think the only approved means of dealing with such would be to restart your NTP server configured to send KOD (Kiss Of Death) packets or a politely worded request to the manager of the offending box(es) if you can identify them.
I think I recall reading that ICMP administratively prohibited packets work in decreasing traffic from some misbehaving clients. I recall that NTP traffic can clobber stateful firewalls and has been discussed before. I do not remember when. I seem to recall that it was suggested that tracking such packets should be disabled. -- JamesB192 -- Everything I say is wrong, including this. () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
