http://lists.ntp.isc.org/pipermail/hackers/2003-August/000268.html http://lists.ntp.isc.org/pipermail/hackers/2003-August/000270.html
21.6% of all my clients are sending packets matching "NTPv4 client, strat 0, poll 0,
prec 0"
Several of these are doing 1 query every 30 seconds, while others are less
frequent, up to 5 minutes apart.
Very simple script to insert a firewall rule for every matching IP:
# (run in a loop)
tcpdump -nlpi ppp0 port 123 and dst host 1.2.3.4 -c 100 > queue
for x in `grep "client, strat 0, poll 0, prec 0" queue | awk '{print $3}' | cut
-d '.' -f 1-4`; do
grep $x banned &>/dev/null || (echo $x | tee -a banned; iptables -I
INPUT -s $x -j NTP)
done
--
Simon Arlott
signature.asc
Description: OpenPGP digital signature
_______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
