Hello, how would someone benefit from DDoSing UDP port 80? NTP itself can rate limit responses per source IP.

Tuesday, November 5, 2013, 4:54:38, Justin wrote:

> I have two machines that participate in the ntp pool project, and I received an abuse email today. Basically, my server was DDoSing someone else: an NTP reflection attack. Obviously that is not something I want to do. By default my ntp server allows any that connect to port 123. These DDoS were sending the responses back to someone's port 80, which is causing me the headache.
>
> My first step will be to lock the ntp down to port 123 and ports above 1024 for people behind a NAT. I was also going to place an iptables rate limit. Is there anything else I should be doing? I have read about the restrict limited and discard statements in ntp.conf, but I'm not sure if that will help here. All my solutions have been outside ntp.conf, so I know I have to be overlooking something. I have never had problems with aggressive clients or NTP reflection DoS before. I also really do not care about aggressive clients even now.
>
> The system particulars: Ubuntu 13.10/x86, which uses ntp 4.2.6.p5+dfsg-3ubuntu2. Any assistance is welcomed.
>
> Thanks again.
> Justin
>
> _______________________________________________
> pool mailing list
> [email protected]
> http://lists.ntp.org/listinfo/pool

-- 
bYE,
Marki
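An added example, written by the editor and not posted by either Justin or Marki, of the ntp.conf `restrict`/`discard` settings the thread mentions: a permissive default line next to a locked-down version that rate limits per source IP inside ntpd. The specific rate values and the assumption that the weak line matches Justin's shipped config are mine.

```conf
# Permissive default of the kind Justin describes (assumed): every source may
# send both time requests and control queries, and ntpd answers all of them.
restrict default nomodify notrap

# Locked-down replacement (added example; the rate values are assumptions):
# - noquery  refuses ntpq/ntpdc control queries (mode 6/7, e.g. monlist),
#            whose large replies are what makes reflection worthwhile;
#            ordinary client time requests (mode 3) are still answered
# - limited  applies the per-source rate limit set by "discard" below
# - kod      answers a limited source with a Kiss-o'-Death packet, so
#            well-behaved clients back off instead of retrying
restrict default kod nomodify notrap nopeer noquery limited
restrict -6 default kod nomodify notrap nopeer noquery limited

# The local host keeps full access so ntpq on the box still works.
restrict 127.0.0.1
restrict -6 ::1

# Limits applied by "limited": no more than one packet per second from a
# single source, and an average spacing of 2^3 = 8 seconds (assumed values).
discard minimum 1 average 3
```

`noquery` removes the amplification, while `limited`/`discard` caps how often a single (possibly spoofed) source address is answered; the two address different parts of the problem, so apply both.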
