[Pool] DDOS protection check?

Brian Rak brak at constant.com
Wed Feb 12 13:49:07 UTC 2014


Why would they do this, when they can just exploit other NTP servers for 
massive amplification?

I've had a couple people try to tell me that the attacks I was seeing 
were spoofed, and it couldn't possibly be their IP.  Yet they all had 
NTPD running with monlist enabled...

On 2/12/2014 4:31 AM, Andreas Krüger wrote:
> Just a thought:
>
> The rogue ones could use a botnet to send junk in a DDOS attack,
> send that junk directly from the bots to the victim
> with no NTP server involved, but nevertheless
> the bots could forge the sender address to make it _appear_
> the junk comes from legitimate NTP servers -
> hoping the victim's provider's admins will be fooled
> into contacting the NTP servers' admins.
>
> Regards, Andreas
> _______________________________________________
> pool mailing list
> pool at lists.ntp.org
> http://lists.ntp.org/listinfo/pool
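
Added example, not part of the original thread and not ntpd's own code: a static check of an ntp.conf body for the "monlist enabled" condition mentioned in the reply above. It relies on the ntp.conf directives `disable monitor` and `restrict default ... noquery`; the function name and sample configs are constructed, and a plain `restrict default` is assumed to cover both IPv4 and IPv6.

```python
# Constructed sample configs for illustration only.
EXPOSED = """\
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
server 0.pool.ntp.org iburst
"""
HARDENED = """\
restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
"""

def audit_monlist_exposure(conf_text):
    """Return findings for an ntp.conf body; an empty list means not flagged."""
    monitor_disabled = False
    defaults = {"IPv4": None, "IPv6": None}  # flags seen on 'restrict default'
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(tok) < 2:
            continue
        if tok[0] in ("disable", "enable") and "monitor" in tok[1:]:
            monitor_disabled = (tok[0] == "disable")  # last directive wins
        elif tok[0] == "restrict":
            args = tok[1:]
            families = ["IPv4", "IPv6"]  # assumption: plain 'default' covers both
            if args[0] in ("-4", "-6"):
                families = ["IPv4"] if args[0] == "-4" else ["IPv6"]
                args = args[1:]
            if args and args[0] == "default":
                for fam in families:
                    defaults[fam] = set(args[1:])
    if monitor_disabled:
        return []  # monitoring facility off: no monlist data to return
    findings = []
    for fam, flags in defaults.items():
        if flags is None:
            findings.append(f"{fam}: no 'restrict default' line, queries unrestricted")
        elif not flags & {"noquery", "ignore"}:
            findings.append(f"{fam}: 'restrict default' lacks noquery")
    return findings

if __name__ == "__main__":
    for name, conf in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        print(name, audit_monlist_exposure(conf) or "not flagged")
```

The check looks only at the default restriction; more specific `restrict` lines that permit queries from other networks are not evaluated.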


