Today I am seeing a ton of these request from two specific ip addresses
that is being blocked by my firewall but I am not sure if it is some new
virus or vulnerability. I know there is no reason for me to being
recieving this traffic. I know this is NTP and possibly someone
configured their ntp client incorrectly but I am recieving a ton of
traffic for this just to be ntp poles.
Anyone else seeing anything.
Dec 28 15:13:44.492026 rule 0/(match) block in on le0: 66.96.30.91.123 >
X.X.X.X.23597: v4 server strat 3 poll 0 prec -28
Dec 28 15:15:06.585773 rule 0/(match) block in on le0: 82.96.64.2.123 >
X.X.X.X.28934: v4 server strat 1 poll 0 prec -19
> > 82.96.64.2
Name: bandit.probe-networks.de
Address: 82.96.64.2
> > 66.96.30.91
Name: ferret.eicat.ca
Address: 66.96.30.91
--
http://www.digitalrage.org/
The Information Technology News Center
