Eric wrote:
> On Mon, 9 Feb 2009 14:07:26 -0800 (PST), jlevine <jlev...@boulder.nist.gov>
> wrote for the entire planet to see:
>
>> In the last few days I have seen an increasing number of systems that
>> are requesting the time in NTP format several times per second.
>
> Have you considered the possibility that they are spoofed queries from a
> botnet? There are some records of which IPs are the current/past targets.
>
> There have been a number of recent DDoS attacks using spoofed UDP packets.
> The usual attack uses port 53 (DNS) and attempts to get 'amplification' of
> a small query into a large response towards the victim IP. NTP packets are
> the same size both ways, but might still be used to help with a flood.
>
> The only mitigation I can think of here is for NTP to not respond to
> excessive rate queries at all, or very infrequently, after the KOD.
>
> - Eric

That's what the latest code does.

Danny
_______________________________________________
questions mailing list
questions@lists.ntp.org
https://lists.ntp.org/mailman/listinfo/questions
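
The response policy discussed in this thread (answer normally, send one KoD to a source that queries too fast, then stay silent), as an added sketch that is not from the thread or from the ntpd code base. The thresholds, the class and function names, and the sample queries are assumptions made for illustration.

```python
from collections import Counter

NTP_PACKET_BYTES = 48      # basic NTP header, same size for query and reply
MIN_GAP = 2.0              # assumed: minimum seconds between queries per source
KOD_INTERVAL = 60.0        # assumed: at most one KoD per source in this window


class RateLimiter:
    """Per-source policy: answer normally, one KoD on abuse, then silence."""

    def __init__(self, min_gap=MIN_GAP, kod_interval=KOD_INTERVAL):
        self.min_gap = min_gap
        self.kod_interval = kod_interval
        self.last_seen = {}   # src -> arrival time of the previous query
        self.last_kod = {}    # src -> time the last KoD was sent

    def decide(self, now, src):
        prev = self.last_seen.get(src)
        self.last_seen[src] = now   # abusive packets also reset the spacing clock
        if prev is None or now - prev >= self.min_gap:
            return "RESPOND"
        kod = self.last_kod.get(src)
        if kod is None or now - kod >= self.kod_interval:
            self.last_kod[src] = now
            return "KOD"
        return "DROP"


def replay(queries, limiter=None):
    """Return (decision counts, bytes sent) per source for (time, src) queries."""
    limiter = limiter or RateLimiter()
    counts, sent = {}, Counter()
    for now, src in queries:
        verdict = limiter.decide(now, src)
        counts.setdefault(src, Counter())[verdict] += 1
        if verdict != "DROP":
            sent[src] += NTP_PACKET_BYTES
    return counts, sent


# Constructed sample: one source querying 4 times per second for 10 s, and a
# well-behaved client polling every 64 s (documentation address ranges).
FLOOD = [(i * 0.25, "192.0.2.10") for i in range(40)]
NORMAL = [(i * 64.0, "198.51.100.7") for i in range(3)]
SAMPLE = sorted(FLOOD + NORMAL)

if __name__ == "__main__":
    print(replay(SAMPLE))
```

If the source address is spoofed, the bytes counted in `sent` are what reaches the victim, so the policy reduces 40 reflected packets to 2 in this sample while the normal client is unaffected.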