[ntp:questions] Connection peaks

Hal Murray hal-usenet at ip-64-139-1-69.sjc.megapath.net
Sat Feb 24 22:26:43 UTC 2007


>First of all, I'm a bit concerned with your use of the word
>"terrorist". Here is a definition: One who utilizes the systematic use
>of violence and intimidation to achieve political objectives, while
>disguised as a civilian non-combatant.
>Someone who uses DoS or DDoS attacks are not a terrorist.
>The floods seems to come from an ISP in Turkey named TurkTelecom, many
>of their clients try to syncronize with my server in very intense
>bursts.
>I've also noticed in monlist that most clients have sent like 5
>packets, but some have sent about 50000 packets. Why is this?
>The peaks lasts for about 1 hour, half an hour the connections
>increases dramatically, and for the next halv hour they dicrease.
>There seems to be no special time of day when it happens, it can be
>anytime with a seemingly random delay until the next peak.
>Anyone else got any ideas?

The burst of an hour is probably when your system is active
in the pools DNS server.

The 50000 packet case is probably buggy software.  That's the
"terrorist".  It may be an innocent bug, but it's hard to tell
the result from what a terrorist would do.

-- 
These are my opinions, not necessarily my employer's.  I hate spam.




More information about the questions mailing list