If someone wants to look into this in detail, I've been logging timestamps for every single request my 100Mbps US time server gets. I've also been logging 1% of the actual NTP traffic. I've gone ahead and extracted timestamps for 8.8.38.2 for a little over two weeks starting April 2. You can download them here: http://www.somebits.com/~nelson/tmp/ntp-8.8.38.2.txt.gz
There's 450,000 or so requests there for a rate of 1 request every 3 seconds. It's not just that that rate is high, it's that they seem to be hitting a bunch of pool servers. It'd be great to have some wiki docs to point people at. But it's a lot of effort to contact abusers. As long as the fraction of clients that are acting poorl isn't increasing, I'm not going to sweat it too much. The fraction of IPs sending more than 20 requests in 10 minutes has held below 0.4% for me in the seven months I've been watching: http://www.somebits.com/ntp/one%20year.html _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
