[Pool] DDoS Type Attack
albyva at empire.org
Thu Feb 13 23:49:09 UTC 2014
You are blocking legit requests, but mitigating the impact of the attack
likely outweighs the lost of legit NTP traffic (for a little while).
If it becomes chronic and you have deep pockets, there's always Prolexic
who can save you for a pretty penny.
On Thu, Feb 13, 2014 at 6:18 PM, Nyamul Hassan <nyamul at gmail.com> wrote:
> Our public NTP servers have started receiving an inordinate amount of NTP
> requests. In order to mitigate the problem, we find that a lot of these
> queries are originating from or being sent to ports other than 123.
> From the documentation, and all literature that I can find on the internet,
> it seems any remote client who needs to talk to our NTP servers on UDP 123,
> must also originate the request from UDP 123. Considering this, we have
> firewalled any traffic for/from UDP 123 on our servers that does not
> start/end in UDP 123 on the remote machines.
> Could someone confirm if this is correct? Or are we blocking legitimate
> reqeusts as well?
> pool mailing list
> pool at lists.ntp.org
More information about the pool