> Another point would be to check how to "drop" a request as fast and
> efficient as possible, but I guess that would be the easy part.
>
> The main point is whether you/we think that dropping requests of
> "hammering" clients would be a desirable way of getting rid of them or not.
>
> Implementing this into a NTP server application is AFAICS technically
> possible, the question is if it will help or not.
I'm not entirely sure I understand this suggestion, because NTP, since
it is implemented with UDP, does not maintain connections. There's not
really anything to drop. Unless the client obeys some of the higher
level NTP stuff, like KOD, there's no way to tell it to stop. And if
it does obey that stuff, it's unlikely to be very abusive in the
first place; just perhaps misconfigured.
If there's a really harmful client, the damage is already done by the
time the packets reach ntpd.
Cheers,
- Joel
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
