ndt-users list created

[Alan Whinery <>]

Hi Tom, Mark,

There is a whole community of a certain personality-type out here who
seem to thrive on checking their DSL and cable connections. I had one
guy who kept calling and emailing me whenever his home DSL was operating
at 95% instead of 100% of spec. They will find open NDT pages and share
them with their friends, and generally chop up your NDT schedule 24x7.
So far, the test collisions seem to happen not-so-often, but I have
spent much time thinking about how to limit less-authorized use. One
idea is to allow 5 test per day and then relegate them to a filter,
etc.  They really like the web100-clt command line version too, so
limiting access to the web NDT page doesn't cut it.

On the other hand, as long as NDT limits the number of concurrent tests
to "reasonable", many NDT sites don't really suffer from the
machinations of these interesting specimens.

Try googling your site name -- I would imagine it shows up in discussion
list posts by  "personality-type-NDT".  I tried explaining this to Rich
once, but I don't know if I succeeded in making it clear why I was
talking about restrictions.

- Alan

On 11/5/2010 12:06 PM, Mark Boolootian wrote:
> Hi Tom,
>
> Gack - not sure how I missed this post...
>
>> I'd be curious to hear if anyone else is seeing similar behavior - if
>> you are, or discover that you are after reading this, I'd be interested
>> in comparing notes.  If I work out what it is, of course I'll let y'all
>> know as well.
> Yes, we've been seeing it.  It looks like the start of the uptick 
> happened the same month you sent your email, so I'm guessing what
> we see is related:
>
>   
> http://newnoc.ucsc.edu/nrg/net/router/utilization/comm-g.ucsc.edu/comm-g.ucsc.edu-_nitro.cgi
>
> I rummaged the log file and found that between Aug 17th and Sept 15th,
> nitro had 1472 unique IP visitors.  Roughly 1200 of those visited ten
> or fewer times.  228 visited more than 100 times, and two guys seem to
> be using nitro all the time:
>
>    65.198.174.82    2186
>   207.246.107.130   1061
>
> I'm getting ready to upgrade nitro and move to using the perfSONAR
> distribution (though it will remain an NDT-only service running on
> port 80).  I'll likely add some iptables restrictions for systems
> that are abusing the service.
>
>> Couple of ideas that fell out of looking at this problem that would make
>> good feature enhancements:
>>
>> - client detail/version reporting, sorta like user-agent reporting in a
>> web server (to discern testing via applet, or cli client, as well as
>> applet/client version)
>> - logging some detail about client queuing, if not running in
>> multi-client mode
> I think a useful feature enhancement might be a hosts.allow type of feature
> that allows you to deny access to NDT services by IP address.  That would
> be far less consumptive of resources (one check per HTTP connection) than
> the iptables approach (one check per packet).
>
> mark
> ---
> Mark Boolootian
> UC Santa Cruz