I have a server in the Sg zone and I noticed there is an explosion of traffic in the last few weeks.
The server is a cheap VPS, which can handle about 20kpps at most. The pool speed was set to 50Mb and yesterday I set it to 25Mb. Still too much.
The number of servers in the zone didn’t change significantly.
Any idea what is going on there? Are other Asian zones impacted too? I don’t see anything in few European and North American zones.
From the large daily variations I assume most of the traffic comes from mobile apps. Maybe a popular one had an update recently, like the Snapchat incident few years ago?
EDIT: From values in the NTP requests it does indeed look like it is the same ios-ntp library. When looking at individual IP addresses, there is no apparent polling interval and ports are random. GeoIP says about 99% of the excessive traffic is coming from China.