[ntp:hackers] [Fwd: Re: Blast attack at USNO]

David Mills mills at udel.edu
Thu Apr 8 18:22:52 UTC 2010



-------- Original Message --------
Subject: 	Re: Blast attack at USNO
Date: 	Thu, 8 Apr 2010 14:11:08 -0400 (EDT)
From: 	Richard Schmidt <rich.schmidt at usno.navy.mil>
To: 	mills at UDel.Edu



Dave, 
All good questions. 
This graph is created by having each of tick/tock/ntp2  do a
"ntpdc -c iostats; sleep 10; ntpdc -c iostats"
and thus getting a 10-second difference of rx and tx packets. Divided by 10.
For historical reasons we keep this metric. 

The hourly spikes are presumably SNTP traffic scheduled by cron or other
applications. 

The NTP flood apparently locked up an old HP 4000M switch in IT that then
cut us off from the Internet. This happened exactly on the hour when the
normal 14,000 packets per second was added on top of the flood of 24,000
packets per second to hit the limit of the old HP switch. 

Attached is a jpeg of the sysstats traffic logs from tick/tock/ntp2 

RES


-- 
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ *
~  Richard Schmidt                             Systems Engineering Branch ~
~  Time Service Department                     rich.schmidt at usno.navy.mil ~
~  U.S. Naval Observatory, Wash., DC 20392   (202)-762-1578; Fax 762-1511 ~
~                       http://tycho.usno.navy.mil                        ~
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ *




More information about the hackers mailing list