I didn't ask them yet, as I was unsure whether the packets really
originated from there or was the source address spoofed. If the source
addresses were spoofed, it wouldn't have helped to ask them (the
potential victim) to stop the traffic.
However, a colleague pointed me towards examining the TTL value of the
packets. That information hinted towards the source really being
31.134.29.9, so I've now sent them a query about the excessive traffic.
We'll see.
Roman Andriadi kirjoitti:
You can ask them to take a look at this problem. Have you already done that?
26.04.2012, 18:32, "Anssi Johansson" <[email protected]>:
I'm seeing this at a rate of about 500 packets/second:
[...]
I don't know if the source address has been spoofed or if they just
think sending NTP packets at that rate is somehow fun.
The "limited kod" restrict configuration (as kindly suggested by Dave
Hart) works wonderfully in this situation, so my server is not having
problems handling this traffic.
This has been going on for a while now, and it'll probably stop
immediately after I've sent this message. See my NTP traffic graphs
http://leopardi.miuku.net/stats/ntppackets.html
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
