[89841] in North American Network Operators' Group
Re: Open Letter to D-Link about their NTP vandalism
daemon@ATHENA.MIT.EDU (Nicholas Suan)
Sat Apr 8 12:18:20 2006
Date: Sat, 8 Apr 2006 11:17:20 -0500
From: Nicholas Suan <nsuan@nonexiste.net>
To: "Church, Chuck" <cchurch@netcogov.com>
Cc: nanog@nanog.org
In-Reply-To: <B6621ED4D0AD394BBA73CA657DFD8976BDE0EB@MSPEXBE01.wamnet.inc>
X-SA-Exim-Mail-From: lupin@nonexiste.net
Errors-To: owner-nanog@merit.edu

On Sat, Apr 08, 2006 at 10:51:27AM -0500, Church, Chuck wrote:
> Since the intended (and announced) use of this server is just for DIX
> networks, blocking NTP from any other networks should be trivial. That
> IP address will still be hit by D-Link devices looking for a suitable
> server, but with no response, they'll move on to another device, and
> probably never try the DIX address again, at least until they're
> rebooted. That alone should kill off 95% of the unwanted traffic
> hitting the box, and probably 80% of the traffic even being sent to DIX
> in the first place.
>
It would be nice if it were that simple. However, there are an annoyingly
large number of poorly-written clients whose polling ratios do not
decrease after they get no response from the server. There have even
been some clients whose polling rate *increases* after they get no
response.