On Thu, Oct 15, 2009 at 1:52 AM, Adrian von Bidder <[email protected]> wrote:
>
> And if we all would just start closing port 123 udp on the firewall on
> xx:59:57 and open it again on 00:00:03?
>
> (Should be easy by a small cron job running in minute 59, sleep 55s setting
> the firewall rule, sleep 5s, remove the firewall rule.  On a lightly loaded
> system where cron jobs and such small commands are not delayed by swapping
> etc.)

Would that really help much? Since the incoming queries will still
travel down your pipe until they hit the firewall, the incoming
bandwidth crush will still happen. At that point, you might as well
answer those ntp queries if you can, since there are still some "bad"
(s)ntp clients out there that re-query in a few seconds or less if
they don't get an answer.

If you can coordinate with your upstream ISP to drop the incoming ntp
packets in their core or at their edge routers at the top of the hour,
that might help. Based on my experience getting certain large ISPs to
aid with DDoS attacks, I wish you good luck with such a project. ;-)
-- 
RPM
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
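For reference, the cron-driven firewall window that Adrian describes, written out as an added example (not code from either poster): the timing is computed arithmetically from epoch seconds so it can be checked, and the firewall calls assume iptables with a placeholder INPUT chain; as the reply notes, a host-side DROP only saves the reply traffic and CPU, not the inbound link bandwidth.

```shell
#!/bin/sh
# Added example: close udp/123 from xx:59:57 to 00:00:03, as suggested in
# the quoted post. Assumed schedule: cron starts this at minute 59 of every
# hour ("59 * * * * /path/to/ntp-window.sh run"). Assumed firewall: iptables.
CLOSE_BEFORE=3                 # close 3 s before the hour (xx:59:57)
OPEN_AFTER=3                   # reopen 3 s after the hour (00:00:03)
DRY_RUN="${DRY_RUN:-1}"        # 1 = print the iptables commands, 0 = run them

# Seconds from epoch time $1 until the next xx:59:57 (0 if exactly there).
seconds_until_close() {
    into_hour=$(( $1 % 3600 ))
    echo $(( (3600 - CLOSE_BEFORE - into_hour + 3600) % 3600 ))
}

# Length of the closed window in seconds (6 s for the values above).
window_length() {
    echo $(( CLOSE_BEFORE + OPEN_AFTER ))
}

# Wrapper so the rule changes can be inspected without touching the firewall.
fw() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Sleep to xx:59:57, insert the DROP at the top of INPUT (so it wins over any
# ACCEPT below it), hold for the window, then delete the identical rule.
run_window() {
    sleep "$(seconds_until_close "$(date +%s)")"
    fw -I INPUT -p udp --dport 123 -j DROP
    sleep "$(window_length)"
    fw -D INPUT -p udp --dport 123 -j DROP
}

if [ "${1:-}" = run ]; then
    run_window
fi
```

Note that on a busy host the sleeps can drift by more than the 6 s window, which is why the quoted post restricts the idea to lightly loaded systems.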
