Hi,
I am a new member to
au.pool.ntp.org and this is my first post - please be kind. My server reached a
score of +5 in a few hours and is now hovering about the 19.7. Hope to be at 20
in the next few hours!
My server is a W2K
box and I am using an old version of Dilobits YATS32 running as a windows
service. I've run this older version for about 5 years now and found it to be
a very
stable workhorse. It also seems to produce better accuracy than the
built-in w32time. I don't know why this is.
The downside of
YAST32 is it does not log client access - only its own access to other
servers. My server is behind an IPcop box running Snort IDS (as well as
Guardian). I am only on a 512/128 ADSL connection, so I don't have lots of
bandwidth to spare. I have assigned a lower ToS tag to the server so it won't
swallow all my uplink speed when I want it myself.
So... I am
looking for a snort rule to flag abusive clients. Let's call anybody who sets
their time more than 10 times in 10 seconds abusive. Once this is in place, I
can set Guardian to ignore them and conserve uplink speed even more. I am not very experienced at writing snort rules (never done
it before) and am looking for a little help, please.
Thanks
in advance
James
_______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
