Doh.. Never mind.. I was thinking Matt's server was part of an attack rather than being attacked. :)

On Mon, Dec 16, 2013 at 10:27 AM, AlbyVA <[email protected]> wrote:
>
> You'd think that an NTP reflection army would be somewhat lackluster vs.
> using a handful of the 28,000,000/million
> Open DNS Resolvers -- http://www.openresolverproject.org
>
> -Alby
>
> On Mon, Dec 16, 2013 at 10:20 AM, Brian Rak <[email protected]> wrote:
>
>> It's probably a DDOS reflection attack, rather than an abusive client.
>> We've started to see them more often via NTP (in addition to SNMP, DNS, and
>> chargen).
>>
>> On 12/16/2013 10:07 AM, Matt Wagner wrote:
>>
>> On Mon, Dec 16, 2013 at 2:14 AM, Michael Rathbun <[email protected]>
>> wrote:
>> >
>> > 64.61.140.162: total: 11328 avgint: 1
>> >
>> > hmm...
>>
>> I used to get a bunch of these. I'm not quite sure what causes it, but
>> it's annoying.
>> Some might have been a bunch of people using NAT, but in other cases it
>> looked
>> like it was a single client querying me once a second.
>>
>> I used to pretty aggressively seek these things out and block them in
>> iptables, but
>> I eventually concluded that it was pointless. Since I had ntpd set up
>> with the 'kod'
>> and 'limited' keywords, I was really just moving where the requests got
>> dropped, but
>> also preventing ntpd from sending an occasional KoD. (Not that the client
>> seemed
>> to pay attention to them.)
>>
>> I'm still pretty curious what causes a client to do this, though. I
>> can't see an obvious
>> misconfiguration that would do this.
>>
>> --
>> Matt
>>
>> _______________________________________________
>> pool mailing list
>> [email protected]
>> http://lists.ntp.org/listinfo/pool
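Added example, not part of the thread: one way to produce the kind of per-source summary quoted above (`total` and `avgint`) and flag sources that query about once a second. The input format (`<epoch_seconds> <source_ip>` per request), the thresholds and the function names are assumptions; the sample data is constructed, using documentation-range addresses. A flagged address alone does not say whether it is a NAT gateway, a misbehaving client or a spoofed reflection victim.

```python
from collections import defaultdict

T0 = 1387200000  # arbitrary start time for the constructed sample


def build_sample():
    """Constructed request log: one line per NTP request seen by the server."""
    lines = [f"{T0 + i} 192.0.2.10" for i in range(120)]         # once a second
    lines += [f"{T0 + 64 * i} 198.51.100.7" for i in range(5)]   # normal 64 s poll
    lines.append(f"{T0 + 30} 203.0.113.5")                       # single query
    return lines


def per_client_stats(lines):
    """Return {ip: (total, avgint)}; avgint is None when only one request was seen."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        seen[parts[1]].append(int(parts[0]))
    stats = {}
    for ip, times in seen.items():
        times.sort()
        total = len(times)
        # Average interval = observed time span divided by the number of gaps.
        avgint = (times[-1] - times[0]) / (total - 1) if total > 1 else None
        stats[ip] = (total, avgint)
    return stats


def noisy_clients(stats, min_total=60, max_avgint=2.0):
    """Sources with many requests at a very short average interval."""
    return sorted(
        ip for ip, (total, avgint) in stats.items()
        if avgint is not None and total >= min_total and avgint <= max_avgint
    )


if __name__ == "__main__":
    stats = per_client_stats(build_sample())
    for ip, (total, avgint) in sorted(stats.items()):
        shown = "n/a" if avgint is None else f"{avgint:.0f}"
        print(f"{ip}: total: {total} avgint: {shown}")
    print("flagged:", noisy_clients(stats))
```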
