[Pool] DDoS Type Attack

AlbyVA albyva at empire.org
Thu Feb 13 23:49:09 UTC 2014


 You are blocking legit requests, but mitigating the impact of the attack
likely outweighs the lost of legit NTP traffic (for a little while).
If it becomes chronic and you have deep pockets, there's always Prolexic
who can save you for a pretty penny.



On Thu, Feb 13, 2014 at 6:18 PM, Nyamul Hassan <nyamul at gmail.com> wrote:

> Hi,
>
> Our public NTP servers have started receiving an inordinate amount of NTP
> requests.  In order to mitigate the problem, we find that a lot of these
> queries are originating from or being sent to ports other than 123.
>
> From the documentation, and all literature that I can find on the internet,
> it seems any remote client who needs to talk to our NTP servers on UDP 123,
> must also originate the request from UDP 123.  Considering this, we have
> firewalled any traffic for/from UDP 123 on our servers that does not
> start/end in UDP 123 on the remote machines.
>
> Could someone confirm if this is correct?  Or are we blocking legitimate
> reqeusts as well?
>
> Regards
> HASSAN
> _______________________________________________
> pool mailing list
> pool at lists.ntp.org
> http://lists.ntp.org/listinfo/pool
>


More information about the pool mailing list