On Fri, 9 Sep 2005, Brad Knowles wrote:
> > I don't see any problem with launching dns based blacklist listing
> > IP addresses of abusive ntp clients.
>
> Okay, that's a little different. Running a blacklist of this
> sort is quite an undertaking, however. A lot of work goes on behind
> the scenes that most people who are otherwise knowledgeable with
> regards to DNS wouldn't understand, much less anyone else.

I don't think using DNS is the best idea here; I would suggest something more simple. People in the pool who wish can gather stats and spot bad clients, and they can then upload their list (just a bunch of IPs, one per line). The central site just puts these all together and publishes them at a URL people can download.

> The bigger problem is that many abusive clients become even more
> abusive when they are denied access. Many sites in the pool are
> already doing firewall-type things locally, and they have found that
> when they firewall an abusive client, the situation goes from bad to
> worse.

I think the solution is to send back the wrong date to the abusive user; this is the only thing a person who has installed a bad client and not looked at it otherwise is likely to notice.

I did a bit of hacking of a server a while ago but it's sort of stalled. If someone out there has a bit of time and skill to play with the source to one of the common daemons (probably the default one or the openbsd one) to hack it a little to return the wrong time and listen on the wrong port, please contact me. Someone who is a little better than me at iptables would be good too (to create a NAT rule to redirect queries from bad IPs to the other port) and we can hopefully get a working prototype going so people can decide whether or not to go with it.

-- 
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.

_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
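The aggregation step the message sketches (operators upload plain "one IP per line" lists, the central site merges and publishes them, and a NAT rule redirects listed clients' NTP queries to the alternate port) as an added example. This is not code from the message, from Simon Lyall, or from the NTP pool project; it assumes uploads are plain text, tolerates comments and junk lines, keeps a count of how many distinct operators reported each address (an addition beyond the message, useful for deciding how much to trust a single report), and uses constructed operator names, constructed addresses from the documentation ranges, and an assumed alternate port of 1123.

```python
import ipaddress
from collections import Counter

# Constructed sample uploads: each pool operator submits a plain list, one IP
# per line. Blank lines, "#" comments, duplicates and junk are expected.
SUBMISSIONS = {
    "operator-a": "192.0.2.10\n192.0.2.11\n\n# flagged this week\n192.0.2.10\n",
    "operator-b": "192.0.2.11\n198.51.100.7\nnot-an-ip\n",
    "operator-c": "198.51.100.7\n2001:db8::5\n192.0.2.11\n",
}


def parse_list(text):
    """Return the set of syntactically valid, plausible addresses in one upload.

    Addresses that can never be a real remote NTP client (loopback, multicast,
    unspecified) are dropped so a bad upload cannot poison the published list.
    Returned as canonical strings so the merged data is easy to publish.
    """
    found = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        try:
            addr = ipaddress.ip_address(line)
        except ValueError:
            continue  # malformed line: skip rather than abort the whole upload
        if addr.is_loopback or addr.is_multicast or addr.is_unspecified:
            continue
        found.add(str(addr))
    return found


def merge_submissions(submissions):
    """Union all uploads; value is how many distinct operators reported the IP."""
    reports = Counter()
    for _operator, text in submissions.items():
        for addr in parse_list(text):  # set per operator, so each counts once
            reports[addr] += 1
    return reports


def _sort_key(addr_str):
    addr = ipaddress.ip_address(addr_str)
    return (addr.version, int(addr))  # IPv4 first, then numeric order


def publish(reports):
    """Render the merged list in the same format the operators uploaded."""
    return "".join(f"{a}\n" for a in sorted(reports, key=_sort_key))


def redirect_rules(reports, from_port=123, to_port=1123):
    """Render iptables NAT rules (as text, not executed) that send UDP/123
    queries from each listed IPv4 client to an alternate local port, where a
    separate daemon can answer them.  Port 1123 is an assumption for the example.
    Only IPv4 is rendered; IPv6 NAT support depends on the kernel in use."""
    rules = []
    for addr in sorted(reports, key=_sort_key):
        if ipaddress.ip_address(addr).version != 4:
            continue
        rules.append(
            f"iptables -t nat -A PREROUTING -s {addr} -p udp --dport {from_port} "
            f"-j REDIRECT --to-ports {to_port}"
        )
    return rules


if __name__ == "__main__":
    merged = merge_submissions(SUBMISSIONS)
    print(publish(merged), end="")
    for rule in redirect_rules(merged):
        print(rule)
```

The published file is the same "one IP per line" format the operators submit, so the same parser works at both ends; the report count is kept separately so a site can choose to act only on addresses several operators agree on.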
