I just fired off an e-mail to their abuse department. If you do the
same perhaps they'll take it seriously enough to investigate. Might be
a reflective attack that they can't do anything about, but if it's just
a customer with a badly configured NTP client they ought to be able to
resolve the issue for us.
Tim
On 05/08/2013 10:58 AM, Stuart Berry wrote:
I have just checked my logs and I'm getting between 300 - 1500 requests a
second from this IP. Looks like its been happening for roughly the last 72
hours.
I've just blocked it at my edge, not sure if its worth worrying about any
further. I'll monitor it for the next few days and if it doesn't subside I'll
contact the abuse for that block.
Stuart.
AlbyVA <[email protected]> wrote:
I would contact your provider's abuse/security group about a possible
DDoS attack from this address.
They should be able to filter the traffic before it eats up your bandwidth.
AS | IP | AS Name
12083 | 75.76.155.206 | WOW-INTERNET - WideOpenWest Finance LLC
-Alby
On Wed, May 8, 2013 at 10:03 AM, <[email protected]
<mailto:[email protected]>> wrote:
For the last six hours or so I have seen an obnoxious rate of
requests (ranging from 60 to 300 per second) from the aforementioned
IP. Not sure if it's a badly implemented client or someone trying
to use my server for some sort of reflective attack. It has long
since been blocked by my firewall but I've been running servers in
the pool for a few years now and never had to deal with this before.
Curious if anybody else has seen this? Any suggestions for what to
do about it other than block the traffic at my edge and wait for it
to die down?
_________________________________________________
pool mailing list
[email protected] <mailto:[email protected]>
http://lists.ntp.org/listinfo/__pool
<http://lists.ntp.org/listinfo/pool>
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
