[Pool] DDoS Type Attack

Nyamul Hassan nyamul at gmail.com
Thu Feb 13 23:18:35 UTC 2014


Our public NTP servers have started receiving an inordinate amount of NTP
requests.  In order to mitigate the problem, we find that a lot of these
queries are originating from or being sent to ports other than 123.

From the documentation, and all literature that I can find on the internet,
it seems any remote client who needs to talk to our NTP servers on UDP 123,
must also originate the request from UDP 123.  Considering this, we have
firewalled any traffic for/from UDP 123 on our servers that does not
start/end in UDP 123 on the remote machines.

Could someone confirm if this is correct?  Or are we blocking legitimate
requests as well?
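
One way to check what the rule described above would drop, as an added example that is not part of the original post: it reads the mode field from the first octet of each NTP packet (RFC 5905) and applies the source-port test to inbound datagrams. The sample packets, port numbers and function names are constructed for illustration; in practice the tuples would come from a capture taken on the server.

```python
NTP_PORT = 123
# Association modes from RFC 5905 that a public server normally sees inbound.
MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client", 4: "server"}

def ntp_header(version, mode):
    """Build a minimal 48-byte NTP packet (constructed sample, zeroed fields)."""
    li_vn_mode = (0 << 6) | (version << 3) | mode
    return bytes([li_vn_mode]) + bytes(47)

def parse_mode(payload):
    """Return (version, mode) from the first octet of an NTP packet."""
    if len(payload) < 48:
        raise ValueError("shorter than the 48-byte NTP header")
    first = payload[0]
    return (first >> 3) & 0x7, first & 0x7

def rule_drops(src_port, dst_port):
    """Rule from the post: traffic to local UDP 123 must come from remote UDP 123."""
    return dst_port == NTP_PORT and src_port != NTP_PORT

def audit(packets):
    """Return (src_port, mode name, dropped) for each inbound datagram."""
    out = []
    for src_port, dst_port, payload in packets:
        try:
            _, mode = parse_mode(payload)
            name = MODES.get(mode, f"mode {mode}")
        except ValueError:
            name = "malformed"
        out.append((src_port, name, rule_drops(src_port, dst_port)))
    return out

# Constructed inbound samples: (remote source port, local destination port, payload)
SAMPLES = [
    (123, 123, ntp_header(4, 3)),    # client daemon that binds source port 123
    (51514, 123, ntp_header(4, 3)),  # client sending from an ephemeral port
    (40123, 123, ntp_header(3, 3)),  # older-version client, ephemeral port
    (123, 123, ntp_header(4, 1)),    # symmetric peer
    (33000, 123, b"\x1b"),           # truncated datagram
]

if __name__ == "__main__":
    for src, name, dropped in audit(SAMPLES):
        print(f"src={src:<6} {name:<17} {'DROP' if dropped else 'pass'}")
```

Counting the dropped rows whose mode is "client" gives the number of well-formed client requests the source-port rule would reject.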


