I am currently being bombed by 193.170.124.119 (lehre.fh-hagenberg.at).
It looks like a NAT router serving a lab full of systems trying
desperately to get their time fix.
It has started a few weeks ago, and I get millions and millions of
queries from this single IP.
It seems to be a technical university in Austria. Their IT seems to be
outsourced.
I have sent several complaints to addresses I could find in whois and on
their website,
and also information queries (who do I contact for abuse from your
systems) to their
generic mail addresses, but there is zero, nada, no reply. It just goes on.
I have blocked them, rejected their packets with ICMP, sent them KoD
replies, but no
difference at all.
What I don't really understand is why it is so persistent and severe.
One would expect
that after some time they would pickup another address from the pool and
bug that one.
It would require a clueless person to configure a fixed address from the
pool as a
destination for all their NTP packets via NAT, and then not monitor the
result (after all,
they have not received a valid reply from me for at least 3 weeks).
I would think someone who would want to setup an NTP environment for a
large number
of computers would study the matter enough to know not to setup a static
address from
the pool, and that it would be better to setup a local server for the
clients and have only
that single server sync to the external world...
Rob
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
