You'd think that an NTP reflection army would be somewhat lackluster vs. using a handful of the 28,000,000/million Open DNS Resolvers -- http://www.openresolverproject.org

-Alby

On Mon, Dec 16, 2013 at 10:20 AM, Brian Rak <[email protected]> wrote:

> It's probably a DDOS reflection attack, rather than an abusive client.
> We've started to see them more often via NTP (in addition to SNMP, DNS, and
> chargen).
>
> On 12/16/2013 10:07 AM, Matt Wagner wrote:
>
> > On Mon, Dec 16, 2013 at 2:14 AM, Michael Rathbun <[email protected]> wrote:
> >
> > > 64.61.140.162: total: 11328 avgint: 1
> > >
> > > hmm...
> >
> > I used to get a bunch of these. I'm not quite sure what causes it, but
> > it's annoying.
> > Some might have been a bunch of people using NAT, but in other cases it
> > looked like it was a single client querying me once a second.
> >
> > I used to pretty aggressively seek these things out and block them in
> > iptables, but I eventually concluded that it was pointless. Since I had
> > ntpd set up with the 'kod' and 'limited' keywords, I was really just
> > moving where the requests got dropped, but also preventing ntpd from
> > sending an occasional KoD. (Not that the client seemed to pay attention
> > to them.)
> >
> > I'm still pretty curious what causes a client to do this, though. I
> > can't see an obvious misconfiguration that would do this.
> >
> > --
> > Matt

_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
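
The per-client summary quoted in the thread (`total` and `avgint`) can be produced from any list of query timestamps per source address. The sketch below is an added example, not code from the thread or from the pool project; the input format (`epoch_seconds source_ip`), the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

def summarize(lines):
    """Return {ip: (total, avgint)}; avgint is the mean gap in seconds
    between queries, or None when the source was seen only once."""
    seen = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ip = line.split()          # assumed format: "<epoch> <src_ip>"
        seen[ip].append(float(ts))
    out = {}
    for ip, stamps in seen.items():
        stamps.sort()
        total = len(stamps)
        avgint = (stamps[-1] - stamps[0]) / (total - 1) if total > 1 else None
        out[ip] = (total, avgint)
    return out

def heavy_sources(summary, min_total=100, max_avgint=2.0):
    """Sources with many queries at a short mean interval (thresholds assumed).
    A match only marks traffic worth rate limiting: the address may be a NAT
    gateway fronting many clients, or a spoofed address in a reflection attack."""
    return sorted(ip for ip, (total, avg) in summary.items()
                  if total >= min_total and avg is not None and avg <= max_avgint)

def format_line(ip, total, avgint):
    """Render one source in the same shape as the line quoted in the thread."""
    shown = "n/a" if avgint is None else round(avgint)
    return f"{ip}: total: {total} avgint: {shown}"

# Constructed sample data (documentation address ranges, not real clients):
T0 = 1387180800
SAMPLE = (
    [f"{T0 + i} 192.0.2.10" for i in range(600)]            # one query per second
    + [f"{T0 + 64 * i} 198.51.100.7" for i in range(10)]    # normal 64 s polling
    + [f"{T0 + 100} 203.0.113.5"]                           # single query
)

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for ip in sorted(stats, key=lambda k: -stats[k][0]):
        print(format_line(ip, *stats[ip]))
    print("candidates for rate limiting:", heavy_sources(stats))
```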
