[Pool] NTP amplification attack?

Charles Swiger cswiger at mac.com
Fri Jul 24 01:27:27 UTC 2015


Another idiot sets up a VOIP system which uses the pool, \
Doesn't get answers because of a firewall blocking the replies. \
VOIP system retries every second spamming your NTP server, \
And then they argue with you about who is responsible for the traffic.

(Burma shave.)

Regards,
-- 
-Chuck

On Jul 23, 2015, at 4:38 PM, Brian Rak <brak at constant.com> wrote:
> Honestly, it looks like someone's trying to abuse *his* machine to attack you.
> 
> We get abuse complaints all the time from people who are attacking us :/
> 
> On 7/23/2015 6:42 PM, oliver domke wrote:
>> I got an abuse message today regarding an alleged ntp amplification attack,
>> but I'm pretty sure that it's a confugiration problem on the other side.
>> The guy sent me the following log-line:
>> 
>> Jul 22 18:20:55 voip ntpd[2743]: sendto(5.9.29.107): Operation not permitted
>> 
>> 
>> After some googling I think it's a firewall problem on the "voip" machine,
>> not an attack from 5.9.29.107 (my machine).
>> Can anyone confirm that?
>> 
>> Thanks in advance!
>> 
>> *Oliver Domke*



More information about the pool mailing list