Hi, we saw a few days ago packets originating from 127.x.x.x directed to port 53/UDP asking unique DNS names. Seems to be a trick to detect DNS resolvers which are configured to accept queries from link-local addresses only. You'll not get an answer, but you may see on your authorative DNS server who asked for this special name.
Maybe it's the same reason with these IPv6 packets. Or maybe a bug in NTP which leads to a DoS... Greetings, Max Am 05.10.2014 um 20:46 schrieb Rob Janssen: > Tapio Sokura wrote: >> Hello, >> >> I just noticed my ipv6 pool server is getting a steady flow of NTP >> queries from IP addresses that seem to be autoconfigured (ff:fe in the >> middle host part), but the network part is all zeroes. >> The contents of the packets seems to be otherwise valid NTP queries. >> Anybody else seeing this? > > I don't currently see these, but when looking in my monlist I see that I have > received > a bunch of those (9 different addresses, most with 1 but some with 2-3 > queries) all > within a short time interval. This was around 2 hours ago. > > Rob > _______________________________________________ > pool mailing list > [email protected] > http://lists.ntp.org/listinfo/pool _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
