On Tue, Mar 11, 2008 at 9:05 PM, Tim Shoppa <[EMAIL PROTECTED]> wrote: > Are there any currently executing NTP surveys, like Guyton's (1994), > Minar's (1999), Mura/Torres (2005)? >
I wrote some code months ago to do a random IP scanning NTP survey. This seemed like a great idea for getting around the fact that most servers don't respond to ntpdc or ntpq, and a good way to produce usable estimates for the actual number of public NTP servers out there in a non-linear IP space. However, I realized after I wrote the code that it behaves very much like a worm to intrusion detection systems, and in fact in testing triggered a heuristic rule on our own IDS. My initial rate-limited test scan of 100K IP addresses had interesting results, but not quite enough to be statistically significant (only one stratum-1 server was found, for example.) I was unnwilling to go further and scan wide swaths of the Internet, lest my ISP notice the scanning and decide to cut us off as a pre-emtpive security measure. Then I realized that measuring the number, type, and quality of publicly accessible servers, while interesting, is not nearly as interesting as also measuring the number type and quality of clients per server. My method couldn't do that, and I couldn't think of a way to do it, so I let the whole idea slide until I came up with something. -- RPM _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
