Realistic max packets/sec per source IP?

elljay · May 10, 2020, 8:21am

Good news about the firewall software update.

I went for a “quick and dirty” couple of lines in iptables. Similar rule for IPv6. The IPv4 rules gets a surprisingly high number of hits!

-A INPUT -p udp --destination-port 123 -d -m hashlimit --hashlimit-name ipv4-ntp-limit --hashlimit-above 3/s --hashlimit-burst 10 --hashlimit-mode srcip -j LOG --log-prefix "IPv4 NTP RL(3/s): "
-A INPUT -p udp --destination-port 123 -d -m hashlimit --hashlimit-name ipv4-ntp-limit --hashlimit-above 3/s --hashlimit-burst 10 --hashlimit-mode srcip -j DROP

NTPman · May 25, 2020, 6:49pm

My NTP reply packet rate limit is now 0 pckt/sec. Based on the syslog output of https://github.com/bruncsak/ntpflood-report a simple script puts into the iptables the DROP rule. It blocks only about 160 IP addresses.

Topic		Replies	Views
Are you seeing high rate, sustained NTP bursts coming from one IP address Server operators	0	484	February 7, 2024
Spikes in traffic the past couple days? Server operators	3	826	September 26, 2018
Howto deal with bad NTP-Client / Attacker? Server operators	51	1174	December 31, 2023
What is the expected bandwidth for an NTP server?	11	3529	October 2, 2019
Uncommon load question: many packets from one IP Server operators	6	747	November 7, 2021

Realistic max packets/sec per source IP?

Related Topics