[ntp:hackers] [Fwd: Re: Blast attack at USNO]
David Mills
mills at udel.edu
Thu Apr 8 18:22:52 UTC 2010
-------- Original Message --------
Subject: Re: Blast attack at USNO
Date: Thu, 8 Apr 2010 14:11:08 -0400 (EDT)
From: Richard Schmidt <rich.schmidt at usno.navy.mil>
To: mills at UDel.Edu
Dave,
All good questions.
This graph is created by having each of tick/tock/ntp2 do a
"ntpdc -c iostats; sleep 10; ntpdc -c iostats"
and thus getting a 10-second difference of rx and tx packets. Divided by 10.
For historical reasons we keep this metric.
The hourly spikes are presumably SNTP traffic scheduled by cron or other
applications.
The NTP flood apparently locked up an old HP 4000M switch in IT that then
cut us off from the Internet. This happened exactly on the hour when the
normal 14,000 packets per second was added on top of the flood of 24,000
packets per second to hit the limit of the old HP switch.
Attached is a jpeg of the sysstats traffic logs from tick/tock/ntp2
RES
--
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ *
~ Richard Schmidt Systems Engineering Branch ~
~ Time Service Department rich.schmidt at usno.navy.mil ~
~ U.S. Naval Observatory, Wash., DC 20392 (202)-762-1578; Fax 762-1511 ~
~ http://tycho.usno.navy.mil ~
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ *
More information about the hackers
mailing list