[Pool] DDoS Type Attack

Andreas Krüger timekeeper at famsik.de
Mon Feb 17 21:37:31 UTC 2014


If your server is being used as the weapon in a DDOS
attack, this will add _one_ entry (per DDOS attack).

For all the slaves in the bot net forge the sender
address to that of the victim that's the target of the
attack.

But any pool server will usually have >= 600 clients
in its list after it has been running for a while.  That's
part of being a pool server.

Regards, Andreas


Am 17.02.2014 18:27, schrieb Brian Rak:
> These days, 600 (not up to 600) is correct.  The list quickly gets filled up
> with people who are being DDOSed.
>
> On 2/16/2014 11:22 PM, Harlan Stenn wrote:
>> Matt Wagner writes:
>>
>>> If you run 'ntpdc -nc monlist YOUR_HOST' before applying, you will see
>>> that, for one small query, you get a list of 600 hosts using your
>>> server back.
>> That's "up to 600".  The number will be far less if your ntp server
>> hasn't seen that many connections.
>>
>> H
>> _______________________________________________
>> pool mailing list
>> pool at lists.ntp.org
>> http://lists.ntp.org/listinfo/pool
>
> _______________________________________________
> pool mailing list
> pool at lists.ntp.org
> http://lists.ntp.org/listinfo/pool



More information about the pool mailing list