nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Recent NTP pool traffic increase

From: Laurent Dumont <admin () coldnorthadmin com>
Date: Mon, 19 Dec 2016 13:29:19 -0500
I also have a similar experience with an increased load.
I'm running a pretty basic Linode VPS and I had to fine tune a few things in order to deal with the increased traffic. I can clearly see a date around the 14-15 where my traffic increases to 3-4 times the usual amounts. 

I did a quick dump and in 60 seconds I was hit by slightly over 190K IPs

http://i.imgur.com/mygYINk.png

Weird stuff

Laurent


On 12/17/2016 10:25 PM, Gary E. Miller wrote:

Yo All!

On Sat, 17 Dec 2016 17:54:55 -0800
"Gary E. Miller" <gem () rellim com> wrote:


# tcpdump -nvvi eth0 port 123 |grep "Originator - Transmit Timestamp:"

And I do indeed get odd results.  Some on my local network...

To follow up on my own post, so this can be promply laid to rest.

After some discussion at NTPsec.  It seems that chronyd takes a lot
of 'creative license' with RFC 5905 (NTPv4).  But it is not malicious,
just 'odd', and not new.

So, nothing see here, back to the hunt for the real cause of the new
NTP traffic.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        gem () rellim com  Tel:+1 541 382 8588
Previous By Date Next
Previous By Thread Next

Current thread: