On Saturday, June 14, 2014 9:52:46 PM UTC-5, Harlan Stenn wrote: > Yes, and remember we live in a world of NAT. While there is much to be > said for running "your" NTP servers that talk to outside NTP servers and > having all of your other NTP clients talk to your NTP servers, some > folks don't do this, and that means their clients can send a lot of > queries to external servers and these requests will be coming from > (different ports from) a single IP address (due to NAT).
This is a good point. As a matter of fact, IPv4 has been exhausted in many locations around the world (first in Europe, then in Asia and, this month, in Latin America). Many IPv4-starved ISPs, having sit on their hands for years about moving to IPv6, have increasingly resorted to NAT for large swaths of their customers. This is bad in many ways, as the Internet grew out of one address per node. Unfortunately, this is bound to be a problem for years, when packets seem to come from the same address at a high rate. I'd be inclined to reject such likely NAT sources as if they were abusers, but this would just punish the customers of an irresponsible ISP. _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
