Coping with Overload on the Network Time Protocol Public Servers
Abstract
The public time servers operated by USNO and NIST provide time synchronization, directly or indirectly, to millions of Internet computers today. The load in the form of processor cycles and network traffic has doubled in the last 2 years and could eventually overwhelm the servers and the network infrastructure unless something is done about it. While both USNO and NIST operate multiple servers across the US, the aggregate load is highly unbalanced and the flagship servers at headquarters are nearing capacity. This paper discusses the current conditions at USNO and NIST and suggests technical defenses designed to protect their resources. Surprisingly, a significant fraction of the total load is due to the occasional defective client design that spews an alarming number of packets without good reason. In one incident at the University of Wisconsin a defective NTP implementation in a router product resulted in a large-scale denial of service attack on the university's network. At NIST and USNO most of the population are well-behaved "mice," but a significant proportion of the total traffic is due to a relatively few number of abusive "elephants." The paper proposes that the best advice may be to find the elephants and shoot them.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jan 01, 2005
- Accession Number
- ADA435805
Entities
People
- David K. Mills
- David Plonka
- Judah Levine
- Richard Schmidt
Organizations
- University of Delaware