Re: [time] Dealing with abusive clients?

Thu, 27 Apr 2006 01:18:48 -0700 

On Thu, 27 Apr 2006, Johan Lindquist wrote:

> Date: Thu, 27 Apr 2006 09:47:29 +0200
> From: Johan Lindquist <[EMAIL PROTECTED]>
> To: Ask Bjørn Hansen <[EMAIL PROTECTED]>
> Cc: [email protected]
> Subject: Re: [time] Dealing with abusive clients?
> Sender: [EMAIL PROTECTED]
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi again,
>
> Seems there are still some good guys out there, here is the reply i got
> from the abusive client ...
>
> >
> > I've noted some interesting behaviour that you may want to look in to.
> > One of the machines that was responsible for hammering your server was
> > running Gentoo. The operator of this machines had enabled ntpd, both
> > client and server. Stopping the server portion effectively stopped the
> > over-zealous ntp traffic. What I don't understand is why the ntp daemon
> > felt the need to hammer your servers (one machine at a rate of about 4
> > requests/second). Both machines were using the stock /etc/ntpd.conf as
> > far as I could tell, so you may want to bring this up in a Gentoo forum
> > somewhere.
> >
>
> Now, I am not entirely up to scratch with the default behavior of NTP,
> so could someone help explain this behavior?  Could it be a firewall
> blocking the replies as you mentioned and that would cause the server to
> try again?

  This situation (vanilla gentoo, ntp abuse) has been noticed before.
  A bad configuration makes that ntpd can't receive the answers
  to requests it sends ; a bug in ntpd causes it to send a request
  every second, forever. See

    http://lists.ntp.isc.org/pipermail/questions/2005-January/003995.html

  Remove the 'restrict' lines and see what happens.

  The '4 requests/second' is interesting ; I don't think we seen that one.

> Johan

  Henk Penning

----------------------------------------------------------------   _
Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 \_/ \_/
http://www.cs.uu.nl/~henkp/                   M [EMAIL PROTECTED]  \_/

_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers

Reply via email to