This is a new one on me.
A few days ago I noticed the network usage for one of my servers had increased substantially and had got a bit excessive. As the server has limited BW, and I’d already dropped the pool bandwidth down to the minimum 384k, I didn’t have much choice other than to shut down the ntp service and drop myself out of the pool.
I checked again this morning and was a bit surprised to find I was still receiving 3 Mbit/sec of NTP traffic … from a single host.
Looking back on my traffic stats, it’s easy to see why the network usage had gone up. It appears this host has been banging away since the 24th, effectively doubling my average incoming BW usage.
The IP address resolves to something generic. I won’t post the whole hostname here, but it’s in the osk3.eonet.ne.jp domain, which looks to me like a residential ISP. My guess is a compromised computer attempting to DoS something through my server. Obviously, that was never going to work, but the host shows no sign of giving up.
I guess my only option here is to complain to the ISP and see if they’ll take action.