> Abusers that query every second keep an entry in your router's conntrack table just for themselves, while regular clients' entries go away after a few seconds.
Could it be worse than that? I could imagine a UDP conntracking implementation that kept a separate entry per source IP/port pair. If the deranged client is using random new source ports in every request, it'd go bad quickly.

If you can tell your router to forward the NTP port directly to your server, it may be smart enough to not bother with entries in some connection table.

I'd never run a public NTP server from behind a NAT router. I wouldn't run one on an ADSL connected server, either. But we've had that discussion before.

_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
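A small simulation of the conntrack concern raised in this thread, written as an added example (not code from the thread or from any router). It assumes a table keyed on the full UDP 4-tuple with a 30 second idle timeout, a few constructed client addresses, and sequential ephemeral ports standing in for the "random new source port per request" client so the result is deterministic.

```python
# Model of a NAT router's UDP conntrack table: one entry per
# (src_ip, src_port, dst_ip, dst_port), dropped after IDLE_TIMEOUT
# seconds without traffic. Timeout and addresses are assumed values.
IDLE_TIMEOUT = 30
SERVER = ("198.51.100.10", 123)  # constructed NTP server address


class ConntrackSim:
    def __init__(self, timeout=IDLE_TIMEOUT):
        self.timeout = timeout
        self.entries = {}  # 4-tuple -> time of last packet

    def expire(self, now):
        # Idle entries age out; an entry refreshed every second never does.
        for key in [k for k, t in self.entries.items() if now - t >= self.timeout]:
            del self.entries[key]

    def packet(self, now, src_ip, src_port):
        self.expire(now)
        self.entries[(src_ip, src_port) + SERVER] = now

    def count_for(self, now, src_ip):
        self.expire(now)
        return sum(1 for k in self.entries if k[0] == src_ip)


def simulate(duration=300, timeout=IDLE_TIMEOUT):
    """Return entries held per client at the end of the run (constructed clients)."""
    table = ConntrackSim(timeout)
    for t in range(duration):
        if t == 0:  # regular client: a single query, fixed source port
            table.packet(t, "192.0.2.1", 40000)
        # abuser A: one query per second, same source port -> entry kept alive
        table.packet(t, "192.0.2.2", 50000)
        # abuser B: one query per second, fresh source port each time
        table.packet(t, "192.0.2.3", 32768 + t)
    last = duration - 1
    return {
        "regular_client": table.count_for(last, "192.0.2.1"),
        "fixed_port_abuser": table.count_for(last, "192.0.2.2"),
        "rotating_port_abuser": table.count_for(last, "192.0.2.3"),
    }


if __name__ == "__main__":
    print(simulate())
```

The rotating-port client pins roughly one entry per second of the idle timeout, so a longer UDP timeout or more such clients scales the table linearly, which is what a router forwarding UDP/123 directly, with no connection tracking for that port, would avoid.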
