[Pool] NTP amplification attack?
cswiger at mac.com
Fri Jul 24 01:27:27 UTC 2015
Another idiot sets up a VOIP system which uses the pool, \
Doesn't get answers because of a firewall blocking the replies. \
VOIP system retries every second spamming your NTP server, \
And then they argue with you about who is responsible for the traffic.
On Jul 23, 2015, at 4:38 PM, Brian Rak <brak at constant.com> wrote:
> Honestly, it looks like someone's trying to abuse *his* machine to attack you.
> We get abuse complaints all the time from people who are attacking us :/
> On 7/23/2015 6:42 PM, oliver domke wrote:
>> I got an abuse message today regarding an alleged ntp amplification attack,
>> but I'm pretty sure that it's a confugiration problem on the other side.
>> The guy sent me the following log-line:
>> Jul 22 18:20:55 voip ntpd: sendto(220.127.116.11): Operation not permitted
>> After some googling I think it's a firewall problem on the "voip" machine,
>> not an attack from 18.104.22.168 (my machine).
>> Can anyone confirm that?
>> Thanks in advance!
>> *Oliver Domke*
More information about the pool