[Pool] flood from

Stuart Berry SBerry at tsgateway.com
Wed May 8 14:58:55 UTC 2013

I have just checked my logs and I'm getting between 300 - 1500 requests a second from this IP. Looks like its been happening for roughly the last 72 hours.

I've just blocked it at my edge, not sure if its worth worrying about any further. I'll monitor it for the next few days and if it doesn't subside I'll contact the abuse for that block.


AlbyVA <albyva at empire.org> wrote:

 I would contact your provider's abuse/security group about a possible DDoS attack from this address.
They should be able to filter the traffic before it eats up your bandwidth.

AS      | IP               | AS Name
12083   |    | WOW-INTERNET - WideOpenWest Finance LLC


On Wed, May 8, 2013 at 10:03 AM, <ntppool at arpage.org<mailto:ntppool at arpage.org>> wrote:
For the last six hours or so I have seen an obnoxious rate of requests (ranging from 60 to 300 per second) from the aforementioned IP.  Not sure if it's a badly implemented client or someone trying to use my server for some sort of reflective attack.  It has long since been blocked by my firewall but I've been running servers in the pool for a few years now and never had to deal with this before.

Curious if anybody else has seen this?  Any suggestions for what to do about it other than block the traffic at my edge and wait for it to die down?
pool mailing list
pool at lists.ntp.org<mailto:pool at lists.ntp.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntp.org/pipermail/pool/attachments/20130508/a2f1f0f9/attachment.html>

More information about the pool mailing list