At 5:07 PM +0200 2005-09-09, Miroslaw Jaworski wrote:

 The only matter is that A is an abusive client and should be disallowed
 to access ntp pool servers.

 I don't see any problem with launching dns based blacklist listing
 IP addresses of abusive ntp clients.

Okay, that's a little different. Running a blacklist of this sort is quite an undertaking, however. A lot of work goes on behind the scenes that most people who are otherwise knowledgeable with regard to DNS wouldn't understand, much less anyone else.

 Blacklist should be used by pool's ntp servers' network filters,
 effectively disallowing abusive clients from contacting pool's ntp
 service, no matter which server was abused and when and how abusive
 client was configured - either by dynamical means (pool's dns)
 or by hand.

The bigger problem is that many abusive clients become even more abusive when they are denied access. Many sites in the pool are already doing firewall-type things locally, and they have found that when they firewall an abusive client, the situation goes from bad to worse.

        So, I'm not seeing how the DNS black list is going to help.

--
Brad Knowles, <[EMAIL PROTECTED]>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

    -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
    Assembly to the Governor, November 11, 1755

  SAGE member since 1995.  See <http://www.sage.org/> for more info.
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
