On Sat, Apr 08, 2006 at 10:51:27AM -0500, Church, Chuck wrote:
> Since the intended (and announced) use of this server is just for DIX networks, blocking NTP from any other networks should be trivial. That IP address will still be hit by D-Link devices looking for a suitable server, but with no response, they'll move on to another device, and probably never try the DIX address again, at least until they're rebooted. That alone should kill off 95% of the unwanted traffic hitting the box, and probably 80% of the traffic even being sent to DIX in the first place.
It would be nice if it were that simple. However, there are an annoyingly large number of poorly written clients whose polling ratios do not decrease after they get no response from the server. There have even been some clients whose polling rate *increases* after they get no response.
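As an added example (not from this thread), a small Python check a server operator could run over per-source request timestamps to find the clients the reply describes: sources whose poll interval does not grow after the server stops answering them. The request list and the addresses in it are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of NTP requests seen after the server stopped answering
# sources outside the intended (DIX) networks. Addresses are hypothetical
# (RFC 5737 documentation ranges); times are seconds since each source's
# first request.
REQUESTS = [
    # backs off: 64 s, 128 s, 256 s between unanswered polls
    (0, "192.0.2.10"), (64, "192.0.2.10"), (192, "192.0.2.10"), (448, "192.0.2.10"),
    # never backs off: steady 30 s poll regardless of replies
    (0, "198.51.100.7"), (30, "198.51.100.7"), (60, "198.51.100.7"),
    (90, "198.51.100.7"), (120, "198.51.100.7"),
    # polls faster when unanswered: 60 s, 30 s, 15 s
    (0, "203.0.113.5"), (60, "203.0.113.5"), (90, "203.0.113.5"), (105, "203.0.113.5"),
]

def classify(timestamps, tolerance=0.1):
    """'backoff' if each gap is >= 1.5x the previous, 'constant' if gaps are
    equal within tolerance, 'increasing' if each gap is <= 0.75x the previous
    (polling speeds up), 'mixed' otherwise, 'unknown' with < 3 requests."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2 or any(g <= 0 for g in gaps):
        return "unknown"
    ratios = [later / earlier for earlier, later in zip(gaps, gaps[1:])]
    if all(r >= 1.5 for r in ratios):
        return "backoff"
    if all(abs(r - 1.0) <= tolerance for r in ratios):
        return "constant"
    if all(r <= 0.75 for r in ratios):
        return "increasing"
    return "mixed"

def classify_sources(requests):
    """Group (time, source) pairs by source and classify each source."""
    by_src = defaultdict(list)
    for t, src in requests:
        by_src[src].append(t)
    return {src: classify(ts) for src, ts in by_src.items()}

def non_backing_off(requests):
    """Sources that hold or raise their poll rate despite getting no reply;
    simply dropping their packets will not make these go away."""
    verdicts = classify_sources(requests)
    return sorted(s for s, v in verdicts.items() if v in ("constant", "increasing"))

if __name__ == "__main__":
    for src, verdict in classify_sources(REQUESTS).items():
        print(f"{src:15} {verdict}")
    print("will not quiet down:", non_backing_off(REQUESTS))
```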