In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Tim Shoppa) writes:

> Notice that many of the "naughty" clients get far naughtier if you
> do not respond to their polls. It sucks, but that's how it is.

While I know that there *are* cases that naughty clients get worse if you don't reply (e.g. the uwisc ntp incident), in practice for the ntp pool, I have not found the case. In most cases, blocking requests from badly behaving clients doesn't change anything, other than save you outgoing bandwidth. In some cases, I have found that sending packets back to the client causes ICMP port/host unreachable packets to be sent back, so blocking badly behaving clients is a win.

Most of the badly behaving clients that I was able to get information on turned out to be bog standard ntp clients (typically Linux clients) behind a firewall.

Many people have less upload bandwidth than download bandwidth, so blocking badly behaving clients saves you the important half of the bandwidth usage.

-wayne

_______________________________________________
timekeepers mailing list
[EMAIL PROTECTED]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
