[email protected] said: > My NTP server was recently killed by such an attack (no monlist). It was > getting far in excess of 50K qps, possibly well over 100K qps. Things were > so bad any IPv4 traffic was just about impossible because the server's IPv4 > stack -- internal data structures, buffer resources, etc -- had been > overwhelmed. That box is no longer in the pool and will probably never > return. Another NTP server I ran which wasn't in the pool got DDoS'ed last > week in a similar attack and it didn't do monlist either.
What sort of system was that? How good was the network connection to the outside world? > IMO if too many spoofed? packets reach the NTP server, the bad guys have won > no matter what ntpd does. True. I'd expect a modern CPU to be able to keep up with a 100 megabit link. Anybody have any good numbers? -- These are my opinions. I hate spam. _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
