In <[EMAIL PROTECTED]> Peter Roozemaal <[EMAIL PROTECTED]> writes:
> There's been a lot of chatter about blacklists, but does anyone know who > our abusive clients are? Let's do some analysis, starting with my top 3 > of Sep 12th: > > [interesting analysis deleted] > > I can easily handle the NTP traffic at the moment, but I send out the > occasional (polite) email to an ISP abuse account to educate people > about proper pool use. My vote is against a blacklist. My vote is also against a blacklist. I think we could *EASY* create a usable one, but I don't think it is the correct solution. In my experieince, I think sending out polite emails is both the more appropriate and more effective thing to do. I've had an amazingly high response rate from abuse admins and a large chunk of the time the response is "we have a firewall, those clients are supposed to be using <internal NTP server>. We will get them to change their config." Generally, doing a rDNS lookup on the IP address or doing a whois on the IP address will get me someone to contact. A few months back, there was some discussion on the techniques needed to contact abusive clients and sample emails and such. I think it might be a good idea to go back over those emails, summarize them, and create a FAQ. As I mentioned recently, I have seen a drop in the number of highly abusive clients (those that send one packet or more per second). I think this is due to several people in the pool who have worked on contacting the abusive clients. -wayne _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
