[afnog] How do you maintain your ntp server ?
Willy MANGA
mangawilly at gmail.com
Wed Jun 13 13:43:16 UTC 2018
Hi,
On 05/06/2018 at 15:09, Nishal Goburdhan wrote:
> On 4 Jun 2018, at 12:46, Willy MANGA wrote:
>
>> Indeed it's a public service. My concern was about requests coming from
>> countries (in another continent) when (from my point of view) there are
>> already many ntp servers in their area.
>
> meh. it’s one internet. i silently (and sometimes not-so-silently)
> make fun of people who seem to think that IP addresses “belong” to a
> region. :-)
You got a point here. :)
> lesson #1 : traffic doesn’t come from “countries”; it comes from
> networks. if you truly believe that this is malicious, then you
> *should* act against it. that means that you probably want to engage
> your ISP, and their transit ISP, to backtrack, and identify the source.
So difficult in my country if I need to engage my ISP. Telco world is
unfortunately very closed :-\ . For instance, I was very fortunate to
have my ISP collaborate with me when I requested IPv6 in my networks.
I hope one day two big managers will tell their team that there are
some issues that can be discussed publicly. Look at the archives of
cmNOG[1] for instance. They are subscribed but very few said something :-\
So frustrating for an end-user like me ...
1. https://lists.cmnog.cm/pipermail/cmnog/
>> I may be wrong but I consider it as an abuse.
>
> it’s your network; and you are providing access to the resource, so, if
> you feel it’s abuse, feel free to limit it. a pf rule, (or whatever
> linux poison you are suffering), could be used to limit the source on
> your device. and if it’s causing problems upstream by clogging your
> pipes, ask your ISP for help. i’d given you some numbers on the traffic
> that i see; use that (and other data that others here might give you)
> to figure out if you are truly being abused, and create your policy
> based on that.
Firewall rules have been updated. It works fine right now. Current score
of my ntp server is still 20/20 on IPv4/IPv6 :)
> on the other hand … you might also be seeing the residual part of
> someone that has a problem, and it may be worth your while reaching out
> to the network in question to let them know of the problem they’re
> creating for you. it certainly won’t be the first time that ntp has
> created interesting traffic. [2] consider that they might be merrily
> unaware that they’re creating issues for you …
Not a great probability here :)
> to provide you with some more data, i pulled 10x 1000 packet samples,
> over a semi-random period of time, and from super-quick analysis, i see
> that we do indeed attract packets that are not “from africa”.
> interestingly enough, *all* of these appear to be v4 requests (vs. the
> more common v3 requests). so that might be worth looking into, as an
> interesting data point. happy to continue chatting off-list if you’d like.
Having the same trend here.
When I grab time I'll let you know ;)
--
Willy Manga
@ongolaboy
https://ongola.blogspot.com/
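
The per-version tally of sampled requests discussed in the thread, grouped by source network rather than by country, can be reproduced on captured UDP port 123 payloads. This is an added example, not code from either poster; the function names, the /24 and /48 grouping, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

def ntp_version_mode(payload):
    """First NTP byte is LI (2 bits) | VN (3 bits) | Mode (3 bits)."""
    if not payload:
        return None
    first = payload[0]
    return (first >> 3) & 0x7, first & 0x7

def source_network(addr, v4_len=24, v6_len=48):
    """Collapse a source address to its covering prefix (lengths are assumptions)."""
    ip = ipaddress.ip_address(addr)
    plen = v4_len if ip.version == 4 else v6_len
    return str(ipaddress.ip_network(f"{addr}/{plen}", strict=False))

def summarize(samples):
    """Count client requests (mode 3) per NTP version and per source network."""
    versions, networks, skipped = Counter(), Counter(), 0
    for src, payload in samples:
        parsed = ntp_version_mode(payload)
        # A well-formed client request is mode 3 and at least 48 bytes long.
        if parsed is None or parsed[1] != 3 or len(payload) < 48:
            skipped += 1
            continue
        versions[parsed[0]] += 1
        networks[source_network(src)] += 1
    return versions, networks, skipped

def client_request(version):
    """Build a minimal 48-byte client request for the constructed samples."""
    return bytes([(version << 3) | 3]) + bytes(47)

# Constructed samples using documentation address ranges, not real traffic.
SAMPLES = [
    ("192.0.2.10", client_request(4)),
    ("192.0.2.77", client_request(4)),
    ("198.51.100.5", client_request(3)),
    ("2001:db8:1::5", client_request(4)),
    ("203.0.113.9", b""),                     # empty payload
    ("203.0.113.9", client_request(4)[:20]),  # truncated packet
]

if __name__ == "__main__":
    versions, networks, skipped = summarize(SAMPLES)
    print("by version:", dict(versions))
    print("by network:", networks.most_common())
    print("skipped:", skipped)
```
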