-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 22 Jun 2011 at 10:19, Condor wrote:
> Hello ppl, > do I can ask what traffic from pool is normal ? I some times have > problems ... I think I got too much query. This problem is from long > time and it's happened only for small amount of time. For 30 min to 1 > hour and usual when Im not logged in to see what's happened. Here is > error that i got from kernel: > Your pool config allows you to set a rate you might manage. About once a month I was hit by turk-telecom which was about 12-15k requests in about 10-30 minutes but dns rotation must allow for them so if same hits I no longer notice. There are other single ips that I assume from whois lookups are from multiple hosts using a single ip dddress and I stopped worrying about those after I'd been in the pool a few months. (I was worrying because the maximum rate of hits if sustained would have added to my monthly chatges). - From your logs I'd guess you have ntp misconfigured. I assume you've checked that with ntp disabled that you no longer get those messages. > net_ratelimit: 686 callbacks suppressed > nf_conntrack: table full, dropping packet. > nf_conntrack: table full, dropping packet. > nf_conntrack: table full, dropping packet. > > First time when I successful dump the traffic > when it's happened I see for 14 seconds my ntp receive 3300 > send/receive > query. After a private email between me and owner project Ask Bjørn > Hansen he decide nothing strange is happened. Today I see that > situation again and I log 58100 send/receive query for 20 sec. Both > logs can be download from: www.stz-bg.com/traf/ or that is almost 3000 > send/receive per second. I did not use any firewall delays, only one > postrouting rule to nat my internal network. > > I want to ask is that normal or Im attacked? Because traffic is from > UDP you can change query source address and this will become an > attack. > > I post this message to news group with my tcp/ip tunning and guys > there start discus my tunning not my problem so I remove them from > this email :) > > -- > Regards, > Condor > _______________________________________________ > pool mailing list > [email protected] > http://lists.ntp.org/listinfo/pool - -- David Lord <[email protected]> <ftp://ftp.lordynet.org/pub/pgpkeys/lordynet.org/david/pubk ey.asc> <http://www.lordynet.org/pub/pgpkeys/lordynet.org/david/pub key.asc> -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 -- QDPGP 2.65 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBTgH71q2RmIodDo7KEQK95QCgiLxwf5v21v2QnD+Vn3L1QU3VVxEAniLW egKnflGJ6mwOTShSRyCUJmiz =ICzp -----END PGP SIGNATURE----- _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
