[pkg-ntp-maintainers] Bug#556465: Bug#556465: ntp: default config for pool servers should not use iburst
Attila Kinali
attila at kinali.ch
Sun Dec 27 10:34:58 UTC 2009
On Sat, 26 Dec 2009 14:09:42 +0100
Kurt Roeckx <kurt at roeckx.be> wrote:
> > Using iburst causes ntp to send a volley of packets to the ntp servers.
> > While this is not a problem in a local network or when using an ntp
> > server that doesn't serve a large amount of clients, it might swamp
> > public servers from the ntp pool or Debian pool (think about switching
> > on of a lot of machines Monday morning at 8).
> >
> > Hence I suggest to stop using iburst in the default config for any
> > pool server.
>
> The documentation says:
> iburst
> When the server is unreachable, send a burst of eight packets
> instead of the usual one.
[...]
> So I see no reason to remove this.
I think I've written above why this is a problem, but maybe it
was not clear enough.

Normally, the number of ntp servers from a pool is considerably
smaller than the number of clients using them. Probably in the
range of one server to 10'000 clients or more.

Now consider that most of these clients get switched on around
the same time (when people start to work or when they get home).
Traffic analysis shows that this is quite consistent per region
and usually within 15min-30min for "got to work" switch-on and
around 30min-60min for "got home" switch-on.

This means, with having iburst as default, that 10'000 or more
clients will be firing a lot of requests to the same server
within a very short period of time. This causes a lot of traffic
and load to said server and could be regarded as a daily DoS attack.

The same, and more serious, happens when a server is offline
for some time and comes back to life. Then all clients will
be firing at the server within a few minutes, causing a major
DoS and possibly putting the server offline again.

If you think that is unlikely to happen, just remember when
Debian DoS'ed itself by updating the xorg packages.
Attila Kinali