After a bit more Googling I found a pdf which suggests the units for the first two parameters are seconds:
"If a packet arrives less than two seconds after the previous packet it is dropped and a KoD sent if configured. 2. If the exponentially averaged interval between packets is less than five seconds, succeeding packets are dropped and a KoD sent if configured." (Near the bottom of page 9: http://www.cis.udel.edu/~mills/database/papers/ptti/ptti04a.pdf ) > No, this feature is next to useless. > I have tried it for a while, but: > > - there is no other recovery from a blocked address than restart of ntpd > or overflow of the table > - the feature false-triggers when people use the burst or iburst > facility. while one would want them not to use it, it happens. and > there is no path of communication back to the client to tell them "stop > using burst". so, after a while there are lots of clients blacklisted > that do not send that much traffic. > > Should you want to try it, I used this: > discard average 15 minimum 1 monitor 1 Maybe the 'minimum' parameter is a bit low? No idea what time period ntpd does its exponential averaging over, but maybe they're getting caught by that? Not resetting until ntpd is restarted sounds like a show stopper though. > I tried contacting their local system admin (via address on the website) > to try to explain they should setup a local server, but never a reply. Had the same experience with a financial organisation, didn't ever manage to get through to someone who understood and they seem to have gone away for now. > There should have been a messaging feature in NTP. Sounds like a plan. Also sounds like fun for hackers ;) Laurence _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
