[afnog] How do you maintain your ntp server ?

Willy MANGA mangawilly at gmail.com
Wed Jun 13 13:43:16 UTC 2018


Hi,

On 05/06/2018 at 15:09, Nishal Goburdhan wrote:
> On 4 Jun 2018, at 12:46, Willy MANGA wrote:
> 
>> Indeed it's a public service. My concern was about requests coming from
>> countries (in another continent) when (from my point of view) there are
>> already many ntp servers in their area.
> 
> meh.  it’s one internet.  i silently (and sometimes not-so-silently)
> make fun of people who seem to think that IP addresses “belong” to a
> region.   :-)

You've got a point here. :)

> lesson #1 : traffic doesn’t come from “countries”;  it comes from
> networks.  if you truly believe that this is malicious, then you
> *should* act against it.  that means that you probably want to engage
> your ISP, and their transit ISP, to backtrack, and identify the source.

So difficult in my country if I need to engage my ISP. The telco world is
unfortunately very closed :-\ . For instance, I was very fortunate to
have my ISP collaborate with me when I requested IPv6 in my networks.

I hope one day two big managers will tell their team that there are
some issues that can be discussed publicly. Look at the archives of
cmNOG[1] for instance. They are subscribed but very few said something :-\

So frustrating for an end-user like me ...


1. https://lists.cmnog.cm/pipermail/cmnog/

>> I may be wrong but I consider it as an abuse.
> 
> it’s your network;  and you are providing access to the resource, so, if
> you feel it’s abuse, feel free to limit it.  a pf rule, (or whatever
> linux poison you are suffering), could be used to limit the source on
> your device.  and if it’s causing problems upstream by clogging your
> pipes, ask your ISP for help.  i’d given you some numbers on the traffic
> that i see;  use that (and other data that others here might give you)
> to figure out if you are truly being abused, and create your policy
> based on that.

Firewall rules have been updated. It works fine right now. Current score
of my ntp server is still 20/20 on IPv4/IPv6 :)

> on the other hand … you might also be seeing the residual part of
> someone that has a problem, and it may be worth your while reaching out
> to the network in question to let them know of the problem they’re
> creating for you.  it certainly won’t be the first time that ntp has
> created interesting traffic. [2]  consider that they might be merrily
> unaware that they’re creating issues for you …

Not a great probability here :)

> to provide you with some more data, i pulled 10x 1000 packet samples,
> over a semi-random period of time, and from super-quick analysis, i see
> that we do indeed attract packets that are not “from africa”. 
> interestingly enough, *all* of these appear to be v4 requests (vs. the
> more common v3 requests).  so that might be worth looking into, as an
> interesting data point.  happy to continue chatting off-list if you’d like.

Having the same trend here.

When I grab time I'll let you know ;)


-- 
Willy Manga
@ongolaboy
https://ongola.blogspot.com/
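
An added example, not part of this message or of any poster's tooling: one way to do the kind of packet-sample analysis discussed above, tallying NTP client requests by protocol version and listing sources that exceed a per-minute budget, so a limiting policy rests on measured data. The function names, the 60-second window, the threshold of 20 and the sample packets are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

NTP_HEADER_LEN = 48  # fixed NTP header size in bytes (RFC 5905)
MODE_CLIENT = 3      # mode value used by ordinary client requests

def parse_vn_mode(payload):
    """Return (version, mode) from the first header byte, or None if truncated."""
    if len(payload) < NTP_HEADER_LEN:
        return None
    return (payload[0] >> 3) & 0x7, payload[0] & 0x7

def summarize(samples, window=60, max_per_window=20):
    """samples: iterable of (epoch_seconds, source_ip, udp_payload).
    Returns (requests per NTP version, {noisy source: peak count}, skipped)."""
    versions = Counter()
    per_source = defaultdict(Counter)  # source -> {window index: request count}
    skipped = 0
    for ts, src, payload in samples:
        parsed = parse_vn_mode(payload)
        if parsed is None or parsed[1] != MODE_CLIENT:
            skipped += 1  # truncated or not a client request
            continue
        versions[parsed[0]] += 1
        per_source[src][int(ts // window)] += 1
    peaks = {src: max(c.values()) for src, c in per_source.items()}
    noisy = {src: n for src, n in peaks.items() if n > max_per_window}
    return versions, noisy, skipped

def make_request(version):
    """Constructed 48-byte client request; only LI/VN/Mode is filled in."""
    return bytes([(version << 3) | MODE_CLIENT]) + bytes(NTP_HEADER_LEN - 1)

# Constructed capture using documentation addresses (RFC 5737, RFC 3849).
SAMPLES = (
    [(1020 + i, "192.0.2.10", make_request(4)) for i in range(30)]          # 30 requests in 30 s
    + [(1020 + 64 * i, "198.51.100.7", make_request(3)) for i in range(5)]  # one poll per 64 s
    + [(1025, "2001:db8::1", make_request(4))]                              # single IPv6 client
    + [(1030, "203.0.113.5", b"\x23\x00")]                                  # truncated datagram
)

if __name__ == "__main__":
    versions, noisy, skipped = summarize(SAMPLES)
    print("client requests by NTP version:", dict(versions))
    print("sources over budget (peak per window):", noisy)
    print("skipped packets:", skipped)
```

To run it on real traffic, feed `summarize` the timestamp, source address and UDP payload of each port 123 datagram from your own capture.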
