Why would they do this, when they can just exploit other NTP servers for
massive amplification?
I've had a couple people try to tell me that the attacks I was seeing
were spoofed, and it couldn't possibly be their IP. Yet they all had
NTPD running with monlist enabled...
On 2/12/2014 4:31 AM, Andreas Krüger wrote:
Just a thought:
The rogue ones could use a botnet to send junk in a DDOS attack,
send that junk directly from the bots to the victim
with no NTP server involved, but nevertheless
the bots could forge the sender address to make it _appear_
the junk comes from legitimate NTP servers -
hoping the victim's provider's admins will be fooled
into contacting the NTP servers' admins.
Regards, Andreas
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
