[Pool] DDoS Type Attack
brak at constant.com
Fri Feb 14 00:02:32 UTC 2014
Specifically, what kind of requests are these?
Have you confirmed that you are not participating in DDOS attacks via
the monlist command? (check ntpdc -c monlist YOURIP from a remote
machine). If you've only recently corrected the monlist issue, you'll
still receive attack attempts for quite some time.
On 2/13/2014 6:18 PM, Nyamul Hassan wrote:
> Our public NTP servers have started receiving an inordinate amount of NTP
> requests. In order to mitigate the problem, we find that a lot of these
> queries are originating from or being sent to ports other than 123.
> From the documentation, and all literature that I can find on the internet,
> it seems any remote client who needs to talk to our NTP servers on UDP 123,
> must also originate the request from UDP 123. Considering this, we have
> firewalled any traffic for/from UDP 123 on our servers that does not
> start/end in UDP 123 on the remote machines.
> Could someone confirm if this is correct? Or are we blocking legitimate
> requests as well?
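
An added example, not part of either message in this thread: in NTP the mode field in the first payload byte, not the UDP source port, separates ordinary client queries (mode 3) from ntpdc monlist requests (mode 7, request code 20 or 42), and many legitimate clients (SNTP clients, ntpdate -u, hosts behind NAT) query from an unprivileged source port. The sketch below classifies captured payloads on that basis; the function names and the sample packets are constructed for illustration.

```python
from collections import Counter

# Mode 7 (ntpdc "private") request codes that ask for the monitor list.
MON_GETLIST, MON_GETLIST_1 = 20, 42
TIME_MODES = {1: "symmetric-active", 2: "symmetric-passive",
              3: "client", 4: "server", 5: "broadcast"}

def classify(payload: bytes) -> str:
    """Classify one NTP UDP payload from its header, ignoring UDP ports."""
    if len(payload) < 4:
        return "malformed"
    mode = payload[0] & 0x07            # low three bits of the first byte
    if mode == 7:
        if len(payload) < 8:            # the mode 7 header is 8 bytes long
            return "malformed"
        is_response = bool(payload[0] & 0x80)
        if not is_response and payload[3] in (MON_GETLIST, MON_GETLIST_1):
            return "monlist-request"
        return "private-other"
    if mode == 6:
        return "control"                # ntpq control messages
    if mode in TIME_MODES:              # time packets carry a 48-byte header
        return TIME_MODES[mode] if len(payload) >= 48 else "malformed"
    return "reserved"                   # mode 0

def summarize(packets):
    """Count (classification, source port is 123) pairs over a capture."""
    return Counter((classify(p), sport == 123) for _, sport, p in packets)

# Constructed sample input: (source IP, source port, UDP payload).
CLIENT_V4 = bytes([0x23]) + bytes(47)                       # VN=4, mode 3
MONLIST_REQ = bytes([0x17, 0x00, 0x03, 0x2A]) + bytes(4)    # VN=2, mode 7, code 42
SAMPLE = [
    ("192.0.2.10", 51234, CLIENT_V4),    # ordinary client, unprivileged port
    ("192.0.2.11", 123, CLIENT_V4),      # ordinary client, port 123
    ("198.51.100.7", 80, MONLIST_REQ),
    ("198.51.100.7", 123, MONLIST_REQ),  # port 123 does not make it benign
    ("203.0.113.5", 40000, b"\x17\x00"), # truncated datagram
]

if __name__ == "__main__":
    for (kind, from_123), count in sorted(summarize(SAMPLE).items()):
        print(f"{kind:16} src_port_123={from_123!s:5} count={count}")
```

On this sample, a rule keyed on source port 123 would drop the first client query and pass the second monlist request, while the mode-based classification separates them correctly.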