David L. Mills wrote:
David,
There are copious examples of that happening right now on the NIST and
USNO servers. What would you suggest we do to stop it? See the paper
Mills, D.L., J. Levine, R. Schmidt and D. Plonka. Coping with overload
on the Network Time Protocol public servers. Proc. Precision Time and
Time Interval (PTTI) Applications and Planning Meeting (Washington DC,
December 2004), 5-16.
Full text is at www.eecis.udel.edu/~mills/papers.html.
Dave
I read the referenced paper with great interest. I noticed that little
attention was paid to the idea of tracking down perpetrators and taking
actions ranging from asking the perpetrator to cease and desist to
asking the courts to intervene. There was an exchange of messages on
this newsgroup a few months ago on this topic. A system administrator
at HP's (formerly Digital's) Western Research Laboratory complained the
his NTP server was being beaten up by clients sending requests at a rate
of 1 PPS. The clients appeared to all be served by a single ISP. He
was not interested in spending the small amount of time required to
identify the IP addresses of the perpetrators and to ask the ISP to shut
them down. There was no reply to my suggestion that since this was a
Denial of Service attack he should request assistance from his legal
department.
The reference implementation of ntpd contributes to the deluge in a
small way! Running a Motorola Oncore as a reference clock causes my
home server to query its internet servers every 16 seconds. It's
nothing I would do by choice; they serve only as a sanity check on my
Oncore reference clock There does not appear to be any way of turning
this feature off short of modifying the code.
_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
