Hello. I joined the pool recently and I use a MikroTik hAP ac3 with RouterOS 7.1.5 as a stratum 2 server; it works with NTPv4. It can handle even 1k pps easily and it doesn't cause a great CPU load. BTW I want to filter some probably parasitic traffic to my server. Right now I drop requests that go over 20 per minute from the same IP, and I drop if I receive more than 16 requests from the same IP that are not closed yet. I also see that requests may come with source port 123 or without it. Shall I block requests that don't have both ports as UDP 123, or will they be valid? Maybe I can add some more features to filter NTP traffic?
Rate limiting, if enabled, needs to allow some percentage of requests to get a response in order to prevent DoS attacks on NTP clients where the attacker is spoofing the source address and sending requests at a high rate to prevent the real client from getting any responses.
Blocking requests with a source port different from 123 is not a good idea. Most clients use a random source port.
Roger that about source port not 123. BTW I'm searching for more intelligent ways to parse unwanted traffic in addition to packet rate limiting per IP. I just tested an amplification DDoS attack against my server with ~150 Mbit bandwidth, and it greatly overloaded the hardware. Any ideas how to protect the server from a DDoS like this? First thought is a stupid limit on total packets per second to the NTP server. Maybe something smarter can be made too.
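The two filtering ideas in this thread, a per-source rate limit that still lets a fraction of over-limit requests through (so a spoofed flood cannot fully starve a real client, as the reply above warns) and header-level parsing that only serves genuine NTP client requests instead of matching on source port, are shown below in a small Python model. This is an added example written for this thread, not code from the poster's router or from RouterOS; the 20-per-minute limit and the "serve every 8th over-limit request" ratio are assumptions taken from the poster's numbers and from the reply, and the packets are constructed inline.

```python
import time
from collections import defaultdict, deque

MIN_NTP_LEN = 48      # a plain NTPv4 client request is 48 bytes (longer with MAC/extension fields)
MODE_CLIENT = 3       # NTP mode 3 = client request; only these need a server answer


def parse_ntp_request(payload: bytes):
    """Return (version, mode) if payload looks like an NTP v3/v4 client request, else None.

    The first byte packs LI (2 bits), VN (3 bits) and mode (3 bits). Anything that is
    not a mode-3 request (control/private modes, short junk, other protocols) is rejected
    regardless of which source port it came from.
    """
    if len(payload) < MIN_NTP_LEN:
        return None
    li_vn_mode = payload[0]
    version = (li_vn_mode >> 3) & 0x7
    mode = li_vn_mode & 0x7
    if version not in (3, 4) or mode != MODE_CLIENT:
        return None
    return version, mode


class PerSourceLimiter:
    """Sliding-window limit per source IP that never drops 100% of a source's traffic.

    Below `limit` requests per `window` seconds everything is served. Above it, every
    `serve_every`-th excess request is still answered, so an attacker spoofing a real
    client's address cannot lock that client out completely.
    """

    def __init__(self, limit=20, window=60.0, serve_every=8):
        self.limit = limit
        self.window = window
        self.serve_every = serve_every
        self.history = defaultdict(deque)  # src_ip -> timestamps of recent valid requests
        self.excess = defaultdict(int)     # src_ip -> number of over-limit requests seen

    def decide(self, src_ip: str, payload: bytes, now=None) -> str:
        now = time.monotonic() if now is None else now
        if parse_ntp_request(payload) is None:
            return "drop-invalid"          # invalid packets never count against the source
        q = self.history[src_ip]
        while q and now - q[0] > self.window:
            q.popleft()                    # expire entries outside the window
        q.append(now)
        if len(q) <= self.limit:
            return "serve"
        self.excess[src_ip] += 1
        if self.excess[src_ip] % self.serve_every == 0:
            return "serve-limited"         # the guaranteed trickle for over-limit sources
        return "drop-rate"


def simulate_flood(limiter: PerSourceLimiter, src_ip: str, packets, now=0.0) -> dict:
    """Feed packets from one source at a single instant and tally the decisions."""
    counts = defaultdict(int)
    for p in packets:
        counts[limiter.decide(src_ip, p, now)] += 1
    return dict(counts)


# Constructed sample packets (not captured traffic):
VALID_REQUEST = bytes([0x23]) + bytes(47)   # LI=0, VN=4, mode=3, 48 bytes
MODE7_PACKET = bytes([0x17]) + bytes(47)    # VN=2, mode=7: not a client request
SHORT_PACKET = b"\x23" * 4                  # far too short to be an NTP header

if __name__ == "__main__":
    lim = PerSourceLimiter(limit=20, window=60.0, serve_every=8)
    print(simulate_flood(lim, "192.0.2.10", [VALID_REQUEST] * 100))
    print(lim.decide("192.0.2.10", MODE7_PACKET), lim.decide("192.0.2.10", SHORT_PACKET))
```

Both checks run in the application layer, so they reduce CPU spent answering junk but do nothing about link saturation: a flood that fills the uplink, as in the ~150 Mbit test above, has to be limited upstream or at the edge before it reaches the router.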