>>> [...] we had two rather irate people call our emergency support
>>> line, demanding that we fix the system that was attacking their
>>> network. On port 123/udp. [...]
>> [...]
> Your NTP server could be responding to requests with forged source IP
> addresses, so in a sense, your server really is "attacking" a
> third-party.

I never put the two together now, but this could be why I've never had any such complaints. I have a watcher snooping my port-123 traffic and any IP that sends too fast gets router-blocked at my border. I did this out of self-defense against clients that don't understand why it's a bad thing to query multiple times a second or the like. But it does mean that I'm not much use as an attack bandwidth amplifier.

(Yes, I have similar guards on port 53 too....)

/~\ The ASCII                     Mouse
\ / Ribbon Campaign
 X  Against HTML          [email protected]
/ \ Email!         7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
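
A sketch of the kind of per-source rate watcher the message above describes, added here as an example and not the poster's own code. The sliding window, the threshold, the packet tuple format and the function names are assumptions, and the sample traffic is constructed from documentation address ranges.

```python
from collections import defaultdict, deque


def sample_packets():
    """Constructed capture: (timestamp_ms, source_ip, dest_udp_port)."""
    pkts = []
    # Well-behaved NTP client polling every 64 s.
    pkts += [(t * 1000, "192.0.2.10", 123) for t in range(0, 320, 64)]
    # Short start-up burst of 4 queries, 2 s apart, then silence.
    pkts += [(50_000 + i * 2000, "203.0.113.5", 123) for i in range(4)]
    # Source (possibly forged) sending 5 queries per second for 4 s.
    pkts += [(100_000 + i * 200, "198.51.100.7", 123) for i in range(20)]
    # Fast sender on port 53, which a port-123 watcher must ignore.
    pkts += [(100_000 + i * 100, "203.0.113.9", 53) for i in range(30)]
    return sorted(pkts)


def find_fast_senders(packets, port=123, window_ms=2000, max_in_window=6):
    """Return {source_ip: timestamp_ms when the limit was first exceeded}.

    A source is flagged once it has sent more than max_in_window packets
    to `port` within any span of window_ms. Both limits are assumed
    values, not figures from the message.
    """
    recent = defaultdict(deque)   # per-source timestamps inside the window
    blocked = {}
    for ts, src, dport in packets:
        # Once a source is blocked at the border, its packets are no
        # longer seen, so stop counting them.
        if dport != port or src in blocked:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window_ms:
            q.popleft()           # drop timestamps that aged out
        if len(q) > max_in_window:
            blocked[src] = ts
            del recent[src]       # free state for the blocked source
    return blocked


if __name__ == "__main__":
    for ip, when in find_fast_senders(sample_packets()).items():
        print(f"block {ip} (limit exceeded at t={when} ms)")
```

The returned addresses would feed whatever mechanism applies the border block; because NTP and DNS run over UDP, a flagged address may be the forged victim rather than the real sender, which is exactly the traffic an amplifier should stop answering.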
