On Thu, Dec 22, 2011 at 01:26, Nyamul Hassan <[email protected]> wrote:
> The attack is still on. The RX is still around 7 Mbps, but the upload is
> restricted to 64kbps, as the rule mentioned above is intended to.
>
> Is this 64kbps enough for NTP service to work properly?

Far more than enough for a single client, or even a small network of
clients behind a NAT. Try adding "limited kod" to your ntp.conf
"restrict default" line, or if you don't have one now, add:

restrict default limited kod notrap nopeer
restrict 127.0.0.1
restrict ::

That should further trim your reflected attack on the putative "source"
address to one packet every 8 seconds or so, at which point the
miscreants will likely find a more cooperative NTP server to abuse.

Cheers,
Dave Hart
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
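
A quick way to check an ntp.conf for the flags suggested in the message above. This is an added example, not part of the original message or of the NTP project's code; the function names and the WEAK sample config are constructed for illustration.

```python
# Added example: audit ntp.conf text for the rate-limiting flags suggested above.
# Function names and the WEAK sample config are constructed for illustration.

RECOMMENDED = ("limited", "kod", "notrap", "nopeer")  # from the suggested line

HARDENED = """\
restrict default limited kod notrap nopeer
restrict 127.0.0.1
restrict ::
"""
WEAK = """\
# constructed sample: no rate limiting on the default rule
restrict default nomodify notrap
restrict 127.0.0.1
"""

def default_restrict_flags(conf_text):
    """Return one set of flags per 'restrict default' line."""
    found = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        args = tokens[1:]
        if args[0] in ("-4", "-6"):  # optional address-family qualifier
            args = args[1:]
        if args and args[0] == "default":
            found.append(set(args[1:]))
    return found

def audit(conf_text):
    """Return a list of findings; an empty list means the flags are present."""
    rules = default_restrict_flags(conf_text)
    if not rules:
        return ['no "restrict default" line']
    findings = []
    for flags in rules:
        missing = [f for f in RECOMMENDED if f not in flags]
        if missing:
            findings.append("restrict default is missing: " + " ".join(missing))
        if "kod" in flags and "limited" not in flags:
            # ntpd only sends KoD for packets that trip the "limited" rate limit
            findings.append('"kod" has no effect without "limited"')
    return findings

if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(text) or "ok")
```

An empty result for a "restrict default" rule means all four flags are present on it; the check does not look at "discard" settings or at rules for specific addresses.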
