I restarted my NTP server yesterday (to add some stratum 1 clocks; hooray for half the jitter!). The server was down for less than a minute and never left the NTP pool. But after everything stabilized again I find suddenly I have 1/3 the abusive clients I used to have and 3/4 my request level.
Before the restart, about 0.9% of my clients were sending more than 20 requests in 10 minutes. Since the restart it's down to about 0.3%. I think that's a reduction of about 15 clients. My overall traffic is now down, about 12 requests/second compared to 16 requests/second before. You can see this all on my graphs here: http://www.somebits.com/ntp/one%20week.html I was surprised by this behaviour; I'd assumed the abusive clients were so insane they wouldn't even notice if the server was up. I have full packet captures for this whole period; would it be useful to try to figure out precisely which clients left me? I guess it's mostly foolish to try to figure out what's going on with anonymous Internet clients, but I'm curious. (Speaking of curious, I've now rigged my NTP server to record a timestamp and source address for every single request, as well as full pcap captures for 1/100th of my requests. I intend to log this for months in the hopes it will later be useful for someone researching pool usage. It's about 7 megabytes / day of disk space.) _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
