[Pool] DDoS Type Attack

Rob Janssen rob at knoware.nl
Sat Feb 15 22:11:10 UTC 2014

Andreas Krüger wrote:
>> Sending KOD packets is a true waste of time and resources!
> They don't hurt.  And sending them makes me feel better.  (I
> don't mind to be the "caller in the wilderness" guy.)  What makes
> me feel better and is cheap and easy enough to do, I don't call a
> waste.  ;-)
> Why do they make me feel better?  They are in the standard.

I experimented with sending KOD when I saw there were clients that were sending too many queries,
and I found that at least one of those badly implemented client programs that sent way too
many queries reacted to KOD by immediately re-trying the query.
Instead of sending maybe 1 query every 10 seconds, it went to sending queries as fast
as they could be bounced back an forth across the link.
I think those that see astronomic query rates should first remove KOD and see if that fixes it.

Other client programs simply ignored the KOD and kept on going as they were before.
I think only the standard ntpd understands KOD, and isn't normally misbehaving anyway.


More information about the pool mailing list