Laurence wrote:
> Is the 'discard' parameter of ntpd a good way to cut down on the abusers?
> If so what units are the average and minimum in?  Packets per minute?  And
> the probability of discard - is that a number between 0 and 1?  The NTP
> documentation is very verbose, but seems to be missing key details here
> and there...
>
> discard [ average avg ][ minimum min ] [ monitor prob ]
>   

No, this feature is next to useless.
I have tried it for a while, but:

- there is no other recovery from a blocked address than a restart of ntpd 
or overflow of the table
- the feature false-triggers when people use the burst or iburst 
facility.  While one would want them not to use it, it happens.  And 
there is no path of communication back to the client to tell them "stop 
using burst".  So, after a while there are lots of clients blacklisted 
that do not send that much traffic.

Should you want to try it, I used this:
discard average 15 minimum 1 monitor 1

You can also use "kod" (kiss of death) but almost nobody implements it, 
so it usually does not work.
restrict default limited nomodify nopeer notrap kod


I know what you mean.  I also have some losers with 7 second (or below) 
interval.  They just don't get it.
But it can be worse.  Some time ago I had an entire (it seems) Austrian 
technical university querying my server via some NAT device.  Upwards of 
5 requests per second, all from different ports.
I tried contacting their local system admin (via address on the website) 
to try to explain they should set up a local server, but never a reply.  
Only after filing a complaint with the central administration for the 
Austrian university network, it stopped.

There should have been a messaging feature in NTP.

Rob
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
