> The part you are missing, Rob, is that NTP selects its servers at start up and
> is static until you restart the service. Once you restart the service it
> probably will grab another server from the pool, but...
> NTP as a service could go months or years without a restart, conceivably.

I know that, but I am a bit puzzled about their configuration. It looks like a NAT router because several requests per second come in, and when looking at the port numbers there are several different source ports that repeat requests at a lower rate. So, I think there are many systems on a LAN that each have their NAT entry in the router and are all sending me requests.

What I don't understand is why they are all sending their requests to ME. Or maybe they aren't and there are many more systems on that LAN than I know of, and I see only part of those. It could be that each of the clients has eu.pool.ntp.org as their time server and most of them were rebooted after some power failure and all got the same IP address(es) from the pool. If so, it will probably go away sometime.

What I am a bit worried about is that someone may have hardcoded my address somewhere after seeing that I have stratum-1 time from 3 different receivers, and thought I am some professional institution while in fact I am just a hobbyist on an ADSL line. I don't mind explaining to them how to set up a local NTP server, sync it with me and/or others, and serve their clients from there. But they are completely deaf (or at least mute).

Of course it is a recurring topic. We have no way to contact clients. It is probably hard to solve. It could be considered to add some "message" facility to the protocol, but with so many lame implementations around it will probably not be widely implemented (and most of the abuse is from lame implementations anyway, KoD usually accomplishes nothing either).

Maybe something could be done when a special DNS server is used instead of regularly reloading zones into a standard one. The special server could at least distribute the load a bit better, by shuffling the addresses on a per-request basis instead of once per hour. So when a bunch of systems behind a single NAT router get rebooted all at about the same time, they don't all get the same timeserver addresses (assuming there is no DNS cache). It might even be possible to implement a blacklist, so that the DNS returns 127.0.0.1 when a known abuser queries the zone...

I now have simply blocked 193.170.124.119 at the firewall so I waste no more upstream bandwidth on them.

_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
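The traffic pattern described in this post (one source address, many distinct source ports, each port polling at a sane interval but a high aggregate rate) is the signature of a NAT gateway with many clients behind it, and it is worth distinguishing from a single host hammering the server before deciding what to block. The following Python is an added example and is not code from the thread or from any NTP project: the log format (seconds-since-capture-start, source IP, source port), the thresholds and the sample requests are all constructed assumptions for the illustration.

```python
from collections import defaultdict


def constructed_log():
    """Build a constructed sample of NTP request arrivals (not real traffic).

    Each line is "<seconds since capture start> <src_ip> <src_port>".
    192.0.2.7    : 8 source ports, each polling every 8 s  -> looks like a NAT gateway
    198.51.100.20: one port, polling every 64 s            -> a well-behaved client
    203.0.113.5  : one port, one request per second        -> a single abusive host
    """
    lines = []
    for i, port in enumerate(range(1024, 1032)):
        for k in range(4):
            lines.append(f"{i * 0.25 + k * 8:.2f} 192.0.2.7 {port}")
    for t in (0, 64, 128):
        lines.append(f"{t:.2f} 198.51.100.20 123")
    for t in range(10):
        lines.append(f"{t:.2f} 203.0.113.5 123")
    return "\n".join(lines)


def parse_log(text):
    """Parse the assumed log format into (time, src_ip, src_port) tuples."""
    requests = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, ip, port = line.split()
        requests.append((float(t), ip, int(port)))
    return requests


def summarize(requests):
    """Per source IP: request count, distinct ports, aggregate rate, and the
    shortest average poll interval seen on any single source port."""
    by_ip = defaultdict(list)
    for t, ip, port in requests:
        by_ip[ip].append((t, port))
    stats = {}
    for ip, items in by_ip.items():
        times = sorted(t for t, _ in items)
        span = max(times[-1] - times[0], 1.0)  # at least a 1 s window
        ports = defaultdict(list)
        for t, port in items:
            ports[port].append(t)
        intervals = []
        for ts in ports.values():
            ts.sort()
            if len(ts) > 1:
                intervals.append((ts[-1] - ts[0]) / (len(ts) - 1))
        stats[ip] = {
            "requests": len(items),
            "distinct_ports": len(ports),
            "rate": len(items) / span,
            "min_port_interval": min(intervals) if intervals else None,
        }
    return stats


def classify(stats, rate_threshold=1.0, port_threshold=4, polite_interval=8.0):
    """Label each source. Thresholds are assumptions chosen for the sample:
    below rate_threshold req/s nothing is flagged; a flagged source with many
    ports that each poll no faster than polite_interval is a NAT aggregate,
    otherwise it is treated as a single abusive host."""
    labels = {}
    for ip, s in stats.items():
        if s["rate"] < rate_threshold:
            labels[ip] = "ok"
        elif (s["distinct_ports"] >= port_threshold
              and s["min_port_interval"] is not None
              and s["min_port_interval"] >= polite_interval):
            labels[ip] = "nat-aggregate"
        else:
            labels[ip] = "single-host-abuse"
    return labels


if __name__ == "__main__":
    stats = summarize(parse_log(constructed_log()))
    for ip, label in classify(stats).items():
        s = stats[ip]
        print(f"{ip:15} {label:18} reqs={s['requests']:3} ports={s['distinct_ports']} "
              f"rate={s['rate']:.2f}/s min_port_interval={s['min_port_interval']}")
```

The distinction matters for the response: a NAT aggregate is many clients each polling reasonably, so the fix is on their side (a local server behind the NAT), whereas a single host at one request per second is simply misconfigured; a firewall rule treats both the same, which is exactly the frustration voiced above.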
