Hello, Klaus,

> that server will see this as *one* very bad client.

you are right. I overlooked this. So there really is no need to keep a big table of abusive clients for protection. I was wrong. (And can sleep even better now.)

Thank you!

Andreas

On 10.01.2014 10:10, Klaus Hartnegg wrote:
> On 10.01.2014 01:12, Andreas Krüger wrote:
>> I guess I'm afraid of a botnet attack. In the scenario
>> that concerns me, considerably more than 600 clients
>> simultaneously try to use several ntpd
>> not for amplification, but just for reflection.
>
> If 1000 trojaned machines all try to attack the same target, all using the
> same ntp server, that server will see this as *one* very bad client. This is
> because the requests must look as if they were coming from the target (forged
> source IP address). Otherwise the reply from the server would not go there.
> Thus the limit to 600 clients would only be reached, if there were more than
> 600 different targets being attacked simultaneously, and one ntp server takes
> part in all these attacks.
>
> _______________________________________________
> pool mailing list
> http://lists.ntp.org/listinfo/pool
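
The point made in this thread, modelled from the server's side as an added example that is not part of the original messages: a per-source table only ever sees the forged (target) address, so it fills up with targets, not bots. The 600-entry size comes from the thread; the least-recently-seen eviction, the `SourceTable` and `simulate` names, and the sample addresses are assumptions for illustration and not ntpd's actual implementation.

```python
from collections import OrderedDict

TABLE_SIZE = 600  # client limit discussed in the thread


class SourceTable:
    """Simplified per-source-address table with least-recently-seen eviction.

    Assumption: a model for illustration, not ntpd's actual data structure.
    """

    def __init__(self, size=TABLE_SIZE):
        self.size = size
        self.counts = OrderedDict()  # source address -> packets seen
        self.evictions = 0

    def observe(self, src):
        """Record one request whose IP header carries source address `src`."""
        if src in self.counts:
            self.counts.move_to_end(src)
        elif len(self.counts) >= self.size:
            self.counts.popitem(last=False)  # drop least recently seen
            self.evictions += 1
        self.counts[src] = self.counts.get(src, 0) + 1

    def over_limit(self, max_packets):
        """Sources that sent more than `max_packets` requests."""
        return [s for s, n in self.counts.items() if n > max_packets]


def simulate(bots, targets, rounds=5, size=TABLE_SIZE):
    """Each bot sends `rounds` requests; bot i forges target i % targets.

    The server never sees a bot's own address, only the forged one.
    """
    table = SourceTable(size)
    # Constructed sample addresses from the 198.18.0.0/15 benchmarking range.
    victims = [f"198.18.{t // 256}.{t % 256}" for t in range(targets)]
    for _ in range(rounds):
        for bot in range(bots):
            table.observe(victims[bot % targets])
    return table
```

With 1000 bots and one target the table holds a single, very busy entry that a per-source rate limit can act on; entries are only evicted once more than 600 distinct targets are involved.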
