On Mon, 9 Apr 2007, Jeffrey Goldberg wrote:

> On Apr 9, 2007, at 11:54 AM, Nelson Minar wrote:
>
>> Could it be worse than that? I could imagine a UDP conntracking
>> implementation that kept a separate entry for source ip/port pair. If
>> the deranged client is using random new source ports in every request,
>> it'd go bad quickly.
>
> That happens all the time. Not because of a single deranged client but
> instead there are lots of slightly less deranged clients behind a single IP
> address.

Yup! I already recommended the following on this list:

That single IP should catch all outgoing connections and redirect them to an
internal ntp server.

I have never seen it elsewhere, nor have I seen somebody else pushing for it
since, although it seems simple enough to implement and would cut ntp pool
requests by a factor of 1,000,000 maybe if everybody implemented it (the big
providers would be enough).

Oh wait, then there would be no use for the pool anymore... ;-)))

Louis
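
A toy model of the two points raised in this thread, added here as an illustration and not written by any of the posters: it counts the requests and the peak number of per-source ip/port entries a stateful firewall in front of one pool server would hold, first with NATed clients querying directly and then with only a site's internal NTP server querying. The address, client count, poll intervals and 30-second entry timeout are constructed assumptions.

```python
# Added illustration: toy model of a stateful firewall in front of one pool
# server. All addresses, counts and the 30 s timeout are constructed assumptions.
UDP_TIMEOUT = 30  # assumed idle timeout (seconds) for a UDP conntrack entry


def observe(packets, timeout=UDP_TIMEOUT):
    """Return (requests_seen, peak_live_entries) for time-sorted packets.

    Each packet is (time, src_ip, src_port); one entry is kept per
    source ip/port pair, as in the implementation imagined in the thread.
    """
    last_seen = {}
    requests = peak = 0
    for t, src_ip, src_port in packets:
        # Drop entries that have been idle for the whole timeout.
        for key in [k for k, seen in last_seen.items() if t - seen >= timeout]:
            del last_seen[key]
        last_seen[(src_ip, src_port)] = t
        requests += 1
        peak = max(peak, len(last_seen))
    return requests, peak


def direct_clients(n_clients, poll, duration, nat_ip="192.0.2.1"):
    """Clients behind one NAT address, each using a new source port per request."""
    port = 1024
    for t in range(0, duration, poll):
        for _ in range(n_clients):
            yield (t, nat_ip, port)
            port += 1  # the NAT hands out a fresh translated port every time


def via_internal_server(poll, duration, nat_ip="192.0.2.1"):
    """Only the site's internal NTP server talks to the pool, from port 123."""
    for t in range(0, duration, poll):
        yield (t, nat_ip, 123)


def compare():
    direct = observe(direct_clients(n_clients=200, poll=10, duration=120))
    redirected = observe(via_internal_server(poll=64, duration=120))
    return direct, redirected


if __name__ == "__main__":
    for label, (reqs, peak) in zip(("direct", "redirected"), compare()):
        print(f"{label:10s} requests={reqs:5d} peak_entries={peak}")
```
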
