[Pool] defending against DDoS attacks
time at rabendary.net
Sat Feb 22 08:10:40 UTC 2014
On Fri, 21 Feb 2014 20:35:03 -0500 (EST), Mouse
<mouse at Rodents-Montreal.ORG> wrote:
>That will continue for a nontrivial time.
Yes; since the amp attacker has no idea whether the target is being
>That was over a week ago. I'm still getting high rates of packets to
>port 123, even though I haven't supported monlist for over a week.
I did packet-drop rules in the router for the worst (avg < 4) hosts before
turning off query. It's at least two months since I last responded to any
external request other than time. The rules are still there, but six of
the original nine offenders are still chugging away. Turning off query
caused the number of new high-volume abusers joining the party to drop to
Looking at logs for a router on another network that doesn't connect an NTP
server, I see at least one port 123 packet refused per hour, so they are
definitely still looking.
"There are no laws here, only agreements."
More information about the pool