I’m running a server in the pool, and it’s mostly a quiet place. But 3 to 4 days ago I started getting a considerably high amount of requests from one host:
18:39:39.642792 IP (tos 0x10, ttl 59, id 33756, offset 0, flags [DF], proto UDP (17), length 76)
    184.108.40.206.33417 > 220.127.116.11.123: [udp sum ok] NTPv4, length 48
        Client, Leap indicator: (0), Stratum 0 (unspecified), poll 0 (1s), precision 0
        Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
          Reference Timestamp: 0.000000000
          Originator Timestamp: 0.000000000
          Receive Timestamp: 0.000000000
          Transmit Timestamp: 2550007514.202855142 (1980/10/22 02:25:14)
            Originator - Receive Timestamp: 0.000000000
            Originator - Transmit Timestamp: 2550007514.202855142 (1980/10/22 02:25:14)
The host sends ~4k packets per sec at me. I’m not sure it expects any answer. At least my server is not sending any.
Just wanted to understand what I can do in this situation. Is it common? Is it ok to contact the abuse email from the whois data?
Thanks in advance.