[opensuse] another ntp issue
I presume there is not much I can do, but I noticed I get 10,000 ntp packets each 35 seconds. They can not do any harm, as I don't listen on my public interface (according to nmap). My firewall drops them immediately, but my line chokes on them... Hans -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2016-03-17 23:46, Hans Witvliet wrote:
I presume there is not much I can do,
but I noticed I get 10,000 ntp packets each 35 seconds. They can not do any harm, as I don't listen on my public interface (according to nmap).
My firewall drops them immediately, but my line chokes on them...
Weird. Are you using dynamic outside IP, or fixed? If dynamic, perhaps you have currently an IP that was previously owned by another server that was listed under *.pool.ntp.org If your IP is fixed, the only method I know is getting your ISP to drop them. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2016-03-18 09:42, Carlos E. R. wrote:
On 2016-03-17 23:46, Hans Witvliet wrote:
I presume there is not much I can do,
but I noticed I get 10,000 ntp packets each 35 seconds. They can not do any harm, as I don't listen on my public interface (according to nmap).
My firewall drops them immediately, but my line chokes on them...
Weird.
Scatter from a DDOS attack?
Are you using dynamic outside IP, or fixed? If dynamic, perhaps you have currently an IP that was previously owned by another server that was listed under *.pool.ntp.org
If your IP is fixed, the only method I know is getting your ISP to drop them.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, 2016-03-18 at 10:05 +0000, Dave Howorth wrote:
On 2016-03-18 09:42, Carlos E. R. wrote:
On 2016-03-17 23:46, Hans Witvliet wrote:
I presume there is not much I can do,
but I noticed I get 10,000 ntp packets each 35 seconds. They can not do any harm, as I don't listen on my public interface (according to nmap).
My firewall drops them immediately, but my line chokes on them...
Weird.
Scatter from a DDOS attack?
Are you using dynamic outside IP, or fixed? If dynamic, perhaps you have currently an IP that was previously owned by another server that was listed under *.pool.ntp.org
If your IP is fixed, the only method I know is getting your ISP to drop them.
Indeed, i have a fixed /29 and see it on all addresses. Right now the storm is over. Looking at the addresses they came from San Diego, Odessa, Dhaka, Rotterdam, Surgut and Celldömölk. Have seen it before, but never as bad as last week. Hans -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hans Witvliet wrote:
On Fri, 2016-03-18 at 10:05 +0000, Dave Howorth wrote:
On 2016-03-18 09:42, Carlos E. R. wrote:
On 2016-03-17 23:46, Hans Witvliet wrote:
I presume there is not much I can do,
but I noticed I get 10,000 ntp packets each 35 seconds. They can not do any harm, as I don't listen on my public interface (according to nmap).
My firewall drops them immediately, but my line chokes on them...
Weird.
Scatter from a DDOS attack?
Are you using dynamic outside IP, or fixed? If dynamic, perhaps you have currently an IP that was previously owned by another server that was listed under *.pool.ntp.org
If your IP is fixed, the only method I know is getting your ISP to drop them.
Indeed, i have a fixed /29 and see it on all addresses. Right now the storm is over.
Looking at the addresses they came from San Diego, Odessa, Dhaka, Rotterdam, Surgut and Celldömölk.
Have seen it before, but never as bad as last week.
Since the beginning of March, we have seen apparent attacks directed at port 6113: (dates and number of dropped packets): [2016-03-05] => 5440 [2016-03-06] => 85393 [2016-03-12] => 57050 [2016-03-13] => 29214 [2016-03-18] => 12 [2016-03-19] => 105706 Today only 5-6/second. -- Per Jessen, Zürich (12.9°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Per Jessen wrote:
Since the beginning of March, we have seen apparent attacks directed at port 6113: (dates and number of dropped packets):
[2016-03-05] => 5440 [2016-03-06] => 85393 [2016-03-12] => 57050 [2016-03-13] => 29214 [2016-03-18] => 12 [2016-03-19] => 105706
Today only 5-6/second.
At first I thought this might be time related, but apparently port 6113 is being used by Starcraft for voice chat. Not sure why anyone would want to chat with my firewall. -- Per Jessen, Zürich (13.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (4)
-
Carlos E. R. -
Dave Howorth -
Hans Witvliet -
Per Jessen