[Pool] Prevent packet storm

Thu Mar 24 11:46:44 UTC 2011


For some days I have had a public NTP server in the pool. Today I
discovered that ntpd was using around 5% CPU power and found a
constant packet flow of around 500..1000 packets per second from a
single IP address.

Any hints on how to deal with this besides dropping them with iptables?

My ntp.conf:

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# You do need to talk to an NTP server or two (or three).
server ntps1-1.cs.tu-berlin.de
server ptbtime2.ptb.de
server ntp2.fau.de
server zeit.fu-berlin.de
server rustime01.rus.uni-stuttgart.de
server ntp2.nl.uu.net
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict ::1

I can provide a tcpdump on request.

Many thanks
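As an added illustration (not part of the original post), the poster's default restrict lines are shown beside a variant that lets ntpd itself rate-limit a client that floods the server. The `discard` and `limited` keywords are real ntpd configuration; the numeric limits chosen here are assumptions.

```conf
# Original restrict lines from the post. "kod" on its own never
# rate-limits anything: ntpd only tracks packet spacing per client
# when the "limited" flag is present.
# restrict -4 default kod notrap nomodify nopeer noquery
# restrict -6 default kod notrap nomodify nopeer noquery

# Limits that "limited" enforces (values are assumptions, log2 seconds):
#   average 3 -> a client may average no more than one packet per 8 s
#   minimum 2 -> packets closer together than 4 s count as a burst
discard average 3 minimum 2

# With "limited", a client that exceeds the discard limits has its
# request dropped instead of answered; "kod" additionally sends at most
# one Kiss-o'-Death (RATE) reply per second so a well-behaved client
# knows to back off.
restrict -4 default kod limited notrap nomodify nopeer noquery
restrict -6 default kod limited notrap nomodify nopeer noquery

# Local users keep their unrestricted entries as in the original file.
restrict 127.0.0.1
restrict ::1
```

A client that ignores the KoD reply is still dropped by ntpd's rate limiter, but each packet still costs a kernel receive and a lookup in ntpd, so the CPU use from a single flooding source only disappears completely once the packets are stopped before they reach ntpd.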


