On Feb 27, 2007, at 4:16 AM, Rob Janssen wrote: > Jeffrey Goldberg wrote: >> Well, I'm absolutely flabbergasted by the abusive clients. I'd like >> some understanding of what's behind it and what people do about it.
> I think that most abuse is just ignorance. There are some different > ways of getting high rate of queries from a single IP: > > 1. a lot of systems behind a NAT router. each system is configured > to use the pool. when all of the systems are powered up at about > the same time (e.g. after a power failure or an automated hotfix > installation), all of the systems get the same DNS reply when > starting their NTP daemon and they all query the same set of > timeservers. It turns out that this is what happened in my case. I had a total of 13,000 requests from 3 IPs, one was averaging a request every 0.15 seconds. The other two were at about one request every two seconds. This went out for about half an hour and shortly after I started collecting stats. > The big problem is that there is no way to get in contact with the > responsible person, so you will just have to live with the situation. I actually got a very prompt response from tera-byte.com telling me. > I have just had a discussion with the sys admin that runs the 100+ > servers > that sit behind those ip addresses. He has agreed to setup and run > a local ntp server rather than querying pool.ntp.org And > We also have 2 ntp servers on our network for co-location > customers to use > however he was querying the pool directly. So at least in one case contacted the abuse email from the whois records for a net has shown that some good can come of sending off a note. However, I should note that others have mailed me off list also recommend ignoring abuse. After all a single ntpd server can easily handle the load of abusive clients. Still, prompted by an early success, I do like to idea of encouraging people to set up proper hierarchies. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/ _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
