Hello ppl,
do I can ask what traffic from pool is normal ? I some times have
problems ... I think I got too much query. This problem is from long
time
and it's happened only for small amount of time. For 30 min to 1 hour
and
usual when Im not logged in to see what's happened. Here is error that
i
got from kernel:
net_ratelimit: 686 callbacks suppressed
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
First time when I successful dump the traffic
when it's happened I see for 14 seconds my ntp receive 3300
send/receive
query. After a private email between me and owner project Ask Bjørn
Hansen he decide nothing strange is happened. Today I see that
situation
again and I log 58100 send/receive query for 20 sec. Both logs can be
download from: www.stz-bg.com/traf/ or that is almost 3000 send/receive
per second.
I did not use any firewall delays, only one postrouting rule to nat my
internal network.
I want to ask is that normal or Im attacked? Because traffic is from
UDP
you can change query source address and this will become an attack.
I post this message to news group with my tcp/ip tunning and guys there
start
discus my tunning not my problem so I remove them from this email :)
--
Regards,
Condor
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
