On 10.01.2014 01:12, Andreas Krüger wrote:
> I guess I'm afraid of a botnet attack. In the scenario that concerns me, considerably more than 600 clients simultaneously try to use several ntpd not for amplification, but just for reflection.
If 1000 trojaned machines all try to attack the same target, all using the same ntp server, that server will see this as *one* very bad client. This is because the requests must look as if they were coming from the target (forged source IP address). Otherwise the reply from the server would not go there. Thus the limit to 600 clients would only be reached if there were more than 600 different targets being attacked simultaneously, and one ntp server takes part in all these attacks.
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
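The server-side view described in the reply above, as an added example that is not part of the original thread and is not ntpd's code: a simplified per-source table shows that requests from many senders forging one source address occupy a single entry. The class and function names, the 2-second per-source interval and the 10.0.0.x addresses are assumptions made for illustration.

```python
from collections import OrderedDict
import ipaddress

MAX_CLIENTS = 600        # client limit discussed in the thread
MIN_INTERVAL_MS = 2000   # assumed per-source rate limit, for illustration only

class SourceTable:
    """Simplified model of per-source state on a server (not ntpd's code)."""

    def __init__(self, capacity=MAX_CLIENTS, min_interval_ms=MIN_INTERVAL_MS):
        self.capacity = capacity
        self.min_interval_ms = min_interval_ms
        self.last_answered = OrderedDict()  # source address -> ms of last reply
        self.evictions = 0

    def handle(self, src, now_ms):
        """Return True if the request is answered, False if rate limited."""
        prev = self.last_answered.get(src)
        if prev is not None:
            self.last_answered.move_to_end(src)      # refresh recency
            if now_ms - prev < self.min_interval_ms:
                return False                         # same "client", too soon
        elif len(self.last_answered) >= self.capacity:
            self.last_answered.popitem(last=False)   # drop least recently seen
            self.evictions += 1
        self.last_answered[src] = now_ms
        return True

def simulate(n_senders, n_targets, rounds=5):
    """n_senders machines each forge one of n_targets addresses as source.

    The server only ever sees the forged source, never the real sender.
    Returns (sources tracked, requests answered, evictions).
    """
    base = ipaddress.ip_address("10.0.0.0")          # constructed addresses
    table, answered, now_ms = SourceTable(), 0, 0
    for _ in range(rounds):
        for sender in range(n_senders):
            forged_src = str(base + sender % n_targets)
            answered += table.handle(forged_src, now_ms)
            now_ms += 1                              # one request per ms
    return len(table.last_answered), answered, table.evictions

if __name__ == "__main__":
    for targets in (1, 600, 700):
        print(targets, simulate(1000, targets))
```

With one target, 1000 senders fill one table entry and nearly all requests are rate limited; the table only overflows once more than 600 distinct forged sources appear.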
