After reading, I wondered: It appears that the timestamp field is present in the KoD packet, would it be possible to track which IP has been given the KoD, and the timestamp of when that was decided, then when another packet comes in, fill the timestamp field with the time the KoD was decided?
Cost: 64 bits per system that has been KoD'd, a reply to each KoD packet. Effect: system that has been KoD'd sees the time holding still, making the server a false-ticker to that client almost instantly. Assumption on my part: false-tickers get labeled as such by the client that has concluded the fact, then that client subsequently leaves that server alone. Brian Brunner [EMAIL PROTECTED] (610)796-5838 >>> "Richard B. Gilbert" <[EMAIL PROTECTED]> 12/22/05 11:10PM >>> David L. Mills wrote: > David, > > There are copious examples of that happening right now on the NIST and > USNO servers. What would you suggest we do to stop it? See the paper > > Mills, D.L., J. Levine, R. Schmidt and D. Plonka. Coping with overload > on the Network Time Protocol public servers. Proc. Precision Time and > Time Interval (PTTI) Applications and Planning Meeting (Washington DC, > December 2004), 5-16. > > Full text is at www.eecis.udel.edu/~mills/papers.html. > > Dave > I read the referenced paper with great interest. I noticed that little attention was paid to the idea of tracking down perpetrators and taking actions ranging from asking the perpetrator to cease and desist to asking the courts to intervene. There was an exchange of messages on this newsgroup a few months ago on this topic. A system administrator at HP's (formerly Digital's) Western Research Laboratory complained the his NTP server was being beaten up by clients sending requests at a rate of 1 PPS. The clients appeared to all be served by a single ISP. He was not interested in spending the small amount of time required to identify the IP addresses of the perpetrators and to ask the ISP to shut them down. There was no reply to my suggestion that since this was a Denial of Service attack he should request assistance from his legal department. The reference implementation of ntpd contributes to the deluge in a small way! Running a Motorola Oncore as a reference clock causes my home server to query its internet servers every 16 seconds. It's nothing I would do by choice; they serve only as a sanity check on my Oncore reference clock There does not appear to be any way of turning this feature off short of modifying the code. _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions ******************************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.hubbell.com - Hubbell Incorporated _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
