[Pool] 4000 packets a second?

Mon, 30 Aug 2010 13:12:39 -0700

What's the best way to deal with a bad NTP client? My server was getting 4000 requests every 5 seconds from a 65.99.214.245. The box was able to handle it fine, but my firewalls were having a problem handling that many packets.
I was able to block that IP at our upstream router. Is there a better way (with NTPd) to block something like that? 


13:06:21.709563 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:21.709571 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:21.709579 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:21.709618 IP 65.99.214.245.123 > 65.182.224.60.123: NTPv3, Client, 
length 48
13:06:21.709668 IP 65.99.214.245.123 > 65.182.224.60.123: NTPv3, Client, 
length 48
13:06:21.709712 IP 65.99.214.245.123 > 65.182.224.60.123: NTPv3, Client, 
length 48
13:06:21.709811 IP 65.99.214.245.123 > 65.182.224.60.123: NTPv3, Client, 
length 48
13:06:21.709862 IP 65.99.214.245.123 > 65.182.224.60.123: NTPv3, Client, 
length 48
13:06:21.709876 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:21.709891 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:21.709899 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:21.709912 IP 65.99.214.245.123 > 65.182.224.60.123: NTPv3, Client, 
length 48
13:06:21.709917 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:21.709942 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:21.709950 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:21.710061 IP 65.99.214.245.123 > 65.182.224.60.123: NTPv3, Client, 
length 48
13:06:21.710161 IP 65.99.214.245.123 > 65.182.224.60.123: NTPv3, Client, 
length 48
13:06:21.710210 IP 65.99.214.245.123 > 65.182.224.60.123: NTPv3, Client, 
length 48
13:06:21.710332 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:21.710346 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:21.710354 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:21.710363 IP 65.99.214.245.123 > 65.182.224.60.123: NTPv3, Client, 
length 48
13:06:21.710390 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:21.710712 IP 65.99.214.245.123 > 65.182.224.60.123: NTPv3, Client, 
length 48
13:06:21.710749 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:23.434252 IP 65.99.214.245.123 > 65.182.224.60.123: NTPv3, Client, 
length 48
13:06:23.434445 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48
13:06:23.434458 IP 65.99.214.245.123 > 65.182.224.60.123: NTPv3, Client, 
length 48
13:06:23.434583 IP 65.182.224.60.123 > 65.99.214.245.123: NTPv3, Server, 
length 48



--
Scott Baker - Canby Telcom
System Administrator - RHCE - 503.266.8253
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool






















					Reply via email to