> * Joel Reicher ([EMAIL PROTECTED]) [050914 11:59] wrote:
> >> The "discard packets if too many requests received" method only helps
> >> against users caring about time syncronization, but using the wrong
> >> software or configuration. If those people detect that they do not get
> >> what they want, they will either change the ntp server they are using or
> >> reconfigure/change their software.
> > Somebody's already suggested something much better to achieve this. I
> > forget who it was, but the suggestion was that abusive clients be given
> > the *wrong* time, rather than be ignored. Users will notice this much
> > more.
>
> The subject appeared because abusers generate extra load for ntp daemon.
To be honest I don't know enough of ntpd's internals to judge whether
replying is much more expensive than already having received the packet
and ignoring it. I suspect there isn't much difference, or if there
is, the extra work required in judging whether a packet should be
ignored is probably more work than just replying with the time. I
certainly can't continue this argument without knowing more.
> The goal should be not handling abusers at all ( best: not even letting
> their packets to reach ntpd, worse: discarding their packets inside ntpd,
> right after receiving ).
>
> Differentiating answer to regulars and abusers inside ntpd is against
> the principles of the Networking Art imho.
I think you correctly identify this as a "Networking Art" issue. It's
got nothing to do with ntpd, and no fancy tricks with ntpd are likely
to offer a good solution.
I see only one solution, and that is to stop the packets upstream.
This means either stopping them at their source (best case), or having
(indirect) access to router configurations that can do tricky stuff
(unlikely).
If the best case is possible with a client, than giving the wrong time
will achieve it.
Anyway, good luck with your experimenting.
Cheers,
- Joel
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
