[Pool] [D]DoS attack characteristics and mitigation
hmurray at megapathdsl.net
Mon Feb 10 18:07:25 UTC 2014
ntp-pool at rfc1035.net said:
> My NTP server was recently killed by such an attack (no monlist). It was
> getting far in excess of 50K qps, possibly well over 100K qps. Things were
> so bad any IPv4 traffic was just about impossible because the server's IPv4
> stack -- internal data structures, buffer resources, etc -- had been
> overwhelmed. That box is no longer in the pool and will probably never
> return. Another NTP server I ran which wasn't in the pool got DDoS'ed last
> week in a similar attack and it didn't do monlist either.
What sort of system was that? How good was the network connection to the
> IMO if too many spoofed? packets reach the NTP server, the bad guys have won
> no matter what ntpd does.
True. I'd expect a modern CPU to be able to keep up with a 100 megabit link.
Anybody have any good numbers?
These are my opinions. I hate spam.
More information about the pool