independence, You are apparently victim of a terrorist flooding attack. See http://www.eecis.udel.edu/~mills/database/papers/ptti/ptti04a.pdf.
You might try enabling the kiss-o'-death (KoD) packet, but the terrorist probably will not respond. To find out who the varmits are, use the ntpdc monlist command. However, the apparent source of the flood is probably not the terrorist itself, more likely a distributed denial of service attack. It would be useful if you could send us the ntpd monlist results. There are three schools of thought on this issue: 1) Behave as if nothing is wrong. The terrorist will lose interest. 2) Toss a KoD, presumably to tell the terrorist was detected and the FBI will swoop on the sender. 3) toss intentionally distorted time, presuably to tell the terrorist was detected and actively defended. The problem with 3) is that it might be hard to differentiate between the misguideds and outright terrorists. Dave independence wrote: > I have some strange peaks in the number of connections to my machine. > It's usually about a couple of hundred of connections, but a copule of > times a day I get a few thousands of connections instead. The traffic > seems to be directed to my NTP server. The ammount of traffic on the > NTP port is only about 100kbit/s, but there are very many connections. > I can have 10000 connections at the same time, which is kind of much. > My machine didn't take it very yesterday and the round trip times > rised to about 500ms so the time went a bit out of sync. Why are there > so strong peaks in the number of connections? I'm in the SE pool, my > server is on 80.252.175.45. > _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
