Hi,

I have Snort running on my firewall and there is 1 IP address triggering an NTPDX overflow attempt. When I took a closer look at this rule I saw that these packets are > 128 in size. I tried to do a whois on this IP with no result. Then a traceroute brought me to lt.nelson.monkey.org. I visited the homepage at www.monkey.org and on the members list I saw a "Nelson". A click on that name brought me to a weblog and guess what? I knew this guy. He posted a message on this list a few minutes ago, what a coincidence!

So please Nelson, can you explain to me why your packets don't have a standard size for NTP, or am I wrong, or is Snort? And why are you polling me in the Netherlands from overseas? I could not query your server and you appeared in my logs from October 3rd till 9th, BTW.

Thanks,
Jos van de Ven
