On 2014-06-14 12:59, brian.cun...@gmail.com wrote:
Is there a suggested way to rate-limit queries by broken clients? Running an NTP Pool Server costs me $40/month in Amazon AWS Outbound Bandwidth (if you want the full scoop, read here: http://pivotallabs.com/ntp-server-costing-500year/ ). I suspect that broken NTP clients are part of the problem (for example, 2 IP addresses in Puerto Rico query my server on the average 11.5 times per second--eliminating just those 2 would save me almost $1/month). Are there any other techniques people have found to be helpful? I like running a server for the NTP Pool, I just don't want to spend a lot of money doing it.
p.s. No, my server isn't being used in a reflection attack: monlist is disabled, and the NTP traffic load is symmetric.
Everyone should have "restrict default kod limited"... but often this is boneheaded configuration or bad rookie software that does not respect the KOD packets or RATE codes, as others have found, so other than asking AWS to block those abusers, you can only take down that name and address (many bozos prefer using IP addresses, for many bozo reasons; as opposed to engineers using IP addresses for engineering reasons), and set up another or elsewhere.

-- 
Take care. Thanks, Brian Inglis
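As an added example (not code from this thread or from ntpd itself), here is a small Python model of what the "restrict default kod limited" line in the reply actually does to the kind of client the question describes. It uses ntpd's documented defaults for the "discard" command (minimum guard time 2 s, minimum average headway 2^3 = 8 s), the "limited" rule that a violating packet gets no response, and the "kod" rule that a violating packet is answered with a Kiss-o'-Death (RATE) reply at most once per second. The exponential-averaging weight (1/8), the starting average headway (64 s) and the client address (an RFC 5737 documentation address) are this model's own assumptions; ntpd's internal bookkeeping differs in detail.

```python
"""Simplified model of ntpd 'restrict ... kod limited' rate limiting.

Added example, not ntpd code.  Modelled from the documented behaviour:
  * 'discard minimum 2'  -> guard time: packets closer than 2 s violate
  * 'discard average 3'  -> minimum average headway of 2^3 = 8 s
  * 'limited'            -> a violating packet gets no response
  * 'kod'                -> a violating packet gets a KoD (RATE) reply instead,
                            but KoD replies go out at most once per second
Assumptions of this model: averaging weight 1/8, initial average headway 64 s.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class ClientState:
    last: Optional[float] = None      # arrival time of the previous packet
    headway_avg: float = 64.0         # assumed initial average spacing, seconds
    last_kod: float = float("-inf")   # when this client last got a KoD


class RateLimiter:
    def __init__(self, minimum: float = 2.0, average: int = 3, kod: bool = True):
        self.minimum = minimum            # 'discard minimum', seconds
        self.avg_floor = 2.0 ** average   # 'discard average', log2 seconds
        self.kod = kod                    # 'kod' flag present on the restrict line
        self.clients: Dict[str, ClientState] = defaultdict(ClientState)

    def packet(self, src: str, t: float) -> str:
        """Decide what the server sends back: 'respond', 'kod' or 'drop'."""
        st = self.clients[src]
        if st.last is None:               # first packet seen from this address
            st.last = t
            return "respond"
        headway = t - st.last
        st.last = t
        # exponential average of inter-packet spacing (weight 1/8 is assumed)
        st.headway_avg += (headway - st.headway_avg) / 8.0
        violates = headway < self.minimum or st.headway_avg < self.avg_floor
        if not violates:
            return "respond"
        # 'limited' denies service; with 'kod' we answer once per second with RATE
        if self.kod and t - st.last_kod >= 1.0:
            st.last_kod = t
            return "kod"
        return "drop"


def simulate(rate_qps: float, seconds: float, kod: bool = True,
             src: str = "198.51.100.7") -> Counter:
    """Feed one constant-rate client into the limiter and count server actions.

    The address is a constructed RFC 5737 example, not one from the thread.
    """
    limiter = RateLimiter(kod=kod)
    n = int(rate_qps * seconds)
    return Counter(limiter.packet(src, i / rate_qps) for i in range(n))


def outbound_packets(actions: Counter) -> int:
    """Each 'respond' and each 'kod' costs one outbound packet; drops cost none."""
    return actions["respond"] + actions["kod"]


if __name__ == "__main__":
    # The question's broken client: ~11.5 queries/second, for one minute
    broken = simulate(11.5, 60)
    print("broken client, kod limited:", dict(broken),
          "outbound:", outbound_packets(broken), "of", sum(broken.values()))
    # The same client against 'limited' without 'kod': silence only
    print("broken client, limited only:", dict(simulate(11.5, 60, kod=False)))
    # A sane client polling every 64 s for an hour is never throttled
    print("sane client:", dict(simulate(1 / 64, 3600)))
```

In this model a client sending 11.5 queries a second for a minute draws 690 packets of inbound traffic but only 59 outbound replies (one normal response plus one RATE KoD per second) under "kod limited", and a single reply under "limited" alone, while a client polling every 64 s is never touched. The inbound side is unchanged either way, which is why the reply's point stands: a client that ignores RATE keeps hammering the address, and only blocking or moving the address makes it stop.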