[Pool] DDOS protection check?
brak at constant.com
Wed Feb 12 13:49:07 UTC 2014
Why would they do this, when they can just exploit other NTP servers for
I've had a couple people try to tell me that the attacks I was seeing
were spoofed, and it couldn't possibly be their IP. Yet they all had
NTPD running with monlist enabled...
On 2/12/2014 4:31 AM, Andreas Krüger wrote:
> Just a thought:
> The rogue ones could use a botnet to send junk in a DDOS attack,
> send that junk directly from the bots to the victim
> with no NTP server involved, but nevertheless
> the bots could forge the sender address to make it _appear_
> the junk comes from legitimate NTP servers -
> hoping the victim's provider's admins will be fooled
> into contacting the NTP servers' admins.
> Regards, Andreas
> pool mailing list
> pool at lists.ntp.org
More information about the pool