* Brad Knowles ([EMAIL PROTECTED]) [050909 13:30] wrote:
> Bad client A contacts their DNS server B, to find the IP address
> of poor abused time server C. DNS query comes in from B to pool
> nameserver D, which knows nothing about A. B is told about the IP
> address(es) of C, and returns that information to A. A now starts
> abusing C.
> Good client E contacts the same DNS server B, which has cached
> the information it got from D, and returns that to E. E now starts
> sending queries to C as well.
> C reports A as an abusive client back to D, but how can D tell
> where this client got the information?
D doesn't have to analyze anything concerning A - especially not search
through logs for when A asked and got the pointer to C.
The only thing that matters is that A is an abusive client and should be disallowed
from accessing NTP pool servers.
I don't see any problem with launching a DNS-based blacklist listing the
IP addresses of abusive NTP clients.
The blacklist should be used by the pool's NTP servers' network filters,
effectively disallowing abusive clients from contacting the pool's NTP
service, no matter which server was abused and when and how the abusive
client was configured - either by dynamic means ( the pool's DNS )
or by hand.
Miroslaw "Psyborg" Jaworski
--
[EMAIL PROTECTED] ( Psyborg ) MJ102-RIPE GTS Polska sp. z o.o.
Servers Administration Department Manager
"Life is like photography. You develop the negative."
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
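The blacklist mechanism proposed above, as an added illustration that is not part of the thread: a DNSBL-style lookup (client address reversed under a list zone, an answer in 127.0.0.0/8 meaning "listed") and the packet-filter decision a pool server could take from it. The zone name `ntp-abusers.example`, the listed addresses and the in-memory resolver are all constructed for this example; a real filter would query the DNS.

```python
import ipaddress
from typing import Callable, Optional

ZONE = "ntp-abusers.example"   # hypothetical list zone, not a real service


def dnsbl_name(ip: str, zone: str = ZONE) -> str:
    """Build the DNSBL query name: IPv4 octets, or IPv6 nibbles, reversed
    and appended to the zone (same shape as in-addr.arpa / ip6.arpa)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


# Constructed zone contents: two abusive clients, each answered with the
# conventional 127.0.0.2 "listed" A record.
LISTED = {
    dnsbl_name("1.2.3.4"): "127.0.0.2",
    dnsbl_name("2001:db8::1"): "127.0.0.2",
}


def resolve_a(name: str) -> Optional[str]:
    """Stand-in resolver answering from the constructed zone; None models
    NXDOMAIN, i.e. the client is not listed."""
    return LISTED.get(name)


def is_listed(ip: str,
              resolve: Callable[[str], Optional[str]] = resolve_a) -> bool:
    """True only for answers inside 127.0.0.0/8, the DNSBL convention; any
    other answer (wildcard, expired or hijacked zone) is treated as unlisted
    so a broken list cannot block every client."""
    answer = resolve(dnsbl_name(ip))
    if answer is None:
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")


def filter_decision(src_ip: str, dst_port: int) -> str:
    """Decision a pool server's network filter could take for one inbound
    datagram: drop NTP (UDP/123) from listed clients, accept the rest."""
    if dst_port == 123 and is_listed(src_ip):
        return "drop"
    return "accept"
```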