Is there anything missing in my ntp.conf so ntpd can be used to DDoS?
Right now I got this:
restrict default kod nomodify notrap nopeer noquery
Because just a few days ago I almost killed my co-lo’s router with a
900 Mbit/s DDoS against some cn IPs. Example data from tcpdump that I got from
10:45:42.150376 IP myip.123 > 184.108.40.206.55699: NTPv2, Reserved, length 440
10:45:42.100010 IP myip.123 > 220.127.116.11.24292: NTPv2, Reserved, length 440
Right now ntp is blocked until I find the source of this problem.