Hi all, currently i have a Problem with a 1&1 Customer in Germany. The Client attacks (I assume it’s a broken NTP client) with ~75req/s one of my NTP Server. I wrote to the Abuse-Team 14 Days ago but never got back an reply. The Client is still there, changing its IP every 24h. Until yesterday i b…

Uh wow, i think I found a solution for that kind of bad clients. The problem existed until a few minutes ago. I just heavily bombed the client with random data. After 1-2gib of trash, which sometimes hit valid NTP flags, the client crashed or at least blocked me. ... 23:01:31.652867 IP 217.197.91.1…

Howto deal with bad NTP-Client / Attacker?

Server operators

erayd November 1, 2023, 12:49am 5

How long does it do that for?

If it’s brief, I wouldn’t worry about it.

I have an automated ruleset on my edge firewall that deals with the larger offenders:

1 Like

Topic		Replies	Views
Ways to parse and filter invalid NTP traffic Server operators	2	476	May 2, 2022
Getting hit hard... 83.85.79.213 Server operators	1	1690	April 20, 2017
More abusive NTP clients, this time from Germany Server operators	13	783	April 12, 2024
Some client really can't behave Server operators	54	1600	December 18, 2023
Realistic max packets/sec per source IP? Server operators	21	1380	May 25, 2020

Howto deal with bad NTP-Client / Attacker?

Related topics