> The "discard packets if too many requests received" method only helps
> against users caring about time syncronization, but using the wrong
> software or configuration. If those people detect that they do not get
> what they want, they will either change the ntp server they are using or
> reconfigure/change their software.
Somebody's already suggested something much better to achieve this. I
forget who it was, but the suggestion was that abusive clients be given
the *wrong* time, rather than be ignored. Users will notice this much
more.
> I'm pretty sure there is no effective way of dealing with people which
> do not know and therefore do not care that they are doing something wrong.
>
> I'd prefer to let ntpd throw away those requests instead of checking for
> every client if it is blacklisted (and all the effort to maintain such a
> blacklist).
>
> The effect is the same: the client will not get served anymore.
For clients that refuse to be fixed, there is no point blocking
them. For clients that may care, there is something better. Either way,
there's no point not replying.
> The effort on the pool side is similiar or even less: server admins will
> have to change their ntp.conf (following the blacklisting way, they
> probably would have to install/maintain additional software or scripts).
>
> Fortunately it seems that this discard-if-limit-exceeded is already
> implemented in ntpd. I will test this feature and check how ntpd reacts
> if under fire from one client. If anyone else is interested in testing,
> please check out the ntpd online documentation and look for the
> "restrict limited" and "discard" configuration commands, which seem to
> do exactly what I was talking about.
I agree that a blacklist doesn't seem worth the effort. Much better
would be to identify parties responsible (software and distribution
producers) and contact them.
If you manage to get something working that you think is effective,
you should probably post the config/script to this list.
Cheers,
- Joel
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
