On Mon, Apr 17, 2006 at 06:10:51PM -0700, John Pettitt wrote: } } Is there any expectation that a pool server will server time on TCP port } 37 ? I'm seeing lots of attempts on my boxes which I think are pool } related - maybe another badly written client out there ....
There is no expectation that pool servers will have port 37/tcp "time" running, but several do, including my two. So run it or not, it's your choice, but if your in the pool people will try to connect to it. I changed /etc/identd.conf so that time runs as nobody instead of root - I don't know if it makes much difference but it can't hurt. 37/tcp "time" is used by the program "rdate". I'm getting about 1200 connections/week on port 37 with a couple IPs connecting several hundred times/week and about 40 unique IPs total. The busiest IP averages out to about once per 15 minutes. It's not enough network traffic to worry about. If you want to hear about abuse listen to this: I have a webserver running on the same machine and I noticed that a few IPs in one subnet were making many many connections to my webserver just getting the main page, without any images, over and over again. I firewalled the subnet out and the connection attempts got more frequent. I grepped my logs after a while and found they were making 198,000 connections/week. I found what company owned the network and sent a complaint. They replied and said that someone was trying to use my webserver as a time server! They weren't just fetching the headers (HEAD), they were doing a GET to pull the full webpage just to get the time out of the header. My email put a stop to it. -- E Frank Ball [EMAIL PROTECTED] _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
