Just my 2 cents:

I hate IP-based blacklists. In Germany there are millions of dialup/DSL
users getting a new fresh IP address every time they go online, at least
every 24 hours (after their ISP forced a hangup and they reconnected).
If you blacklist whole IP ranges, you punish 99% of people doing nothing
wrong and, yes, hit the 1% causing trouble.

If all of you agree that a blacklist should be able to prevent a
repetition of the Netgear fiasco or other malicious private users/NTP
clients, forget it. This will not work, from my point of view.

I could think of implementing some mechanics in the NTP implementations
to specify a "minimum interval" which basically says "only reply to a
request if the last one from that IP took place more than x seconds ago".
This will not be helpful in another UWisc-like situation, but prevents
abusive clients from being served.

Kind regards,
Heiko
--
------------------------------------------------------------------------
*MEINBERG Funkuhren*
Auf der Landwehr 22
D-31812 Bad Pyrmont, Germany
Tel.: ++49 (0)5281 9309-25
Fax: ++49 (0)5281 9309-30
eMail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
Internet: www.meinberg.de <http://www.meinberg.de/>
------------------------------------------------------------------------
Meinberg radio clocks: 25 years of accurate time worldwide
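
The "minimum interval" idea proposed in the message above, sketched as an added example (not part of the original message and not code from any NTP implementation). The class and function names, the entry cap and the request trace are assumptions constructed for illustration; the timer is restarted by every request, answered or not, which is one reading of the proposal.

```python
from collections import OrderedDict


class MinIntervalGate:
    """Reply only if the previous request from the same IP is older than min_interval."""

    def __init__(self, min_interval, max_entries=100_000):
        self.min_interval = min_interval   # the "x seconds" from the proposal
        self.max_entries = max_entries     # assumption: cap on tracked sources
        self._last_seen = OrderedDict()    # ip -> time of last request, oldest first

    def allow(self, ip, now):
        last = self._last_seen.pop(ip, None)
        # Record every request, answered or not, so a client that keeps
        # hammering never lets its own timer run out.
        self._last_seen[ip] = now
        if len(self._last_seen) > self.max_entries:
            self._last_seen.popitem(last=False)   # forget the stalest source
        return last is None or (now - last) > self.min_interval


def replay(trace, min_interval, max_entries=100_000):
    """Run (time, ip) pairs through the gate; return {ip: [answered, dropped]}."""
    gate = MinIntervalGate(min_interval, max_entries)
    stats = {}
    for now, ip in trace:
        counts = stats.setdefault(ip, [0, 0])
        counts[0 if gate.allow(ip, now) else 1] += 1
    return stats


# Constructed trace (documentation addresses, times in seconds):
# 192.0.2.10 polls every 64 s, 198.51.100.7 sends one request per second.
TRACE = sorted(
    [(t, "192.0.2.10") for t in range(0, 640, 64)]
    + [(t, "198.51.100.7") for t in range(0, 640)]
)

if __name__ == "__main__":
    for ip, (answered, dropped) in replay(TRACE, min_interval=16).items():
        print(f"{ip}: answered={answered} dropped={dropped}")
```

Clients that reach the server through one shared public address also share one timer, and a source evicted from the bounded table is treated as new on its next request.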