Filter NTP traffic by packet size?

sjt5atra sjt5atra at gmail.com
Sun Feb 23 23:38:52 UTC 2014


> On Feb 23, 2014, at 4:39 PM, James Braunegg <james.braunegg at micron21.com> wrote:
> 
> Dear All
> 
> I released a bit of a blog article last week about filtering NTP request traffic via packet size which might be of interest!
> 
> So far I know of an unknown tool that makes a default request packet of 50 bytes in size
> ntpdos.py makes a default request packet of 60 bytes in size
> ntp_monlist.py makes a default request packet of 234 bytes in size
> monlist from ntpdc makes a default request packet of 234 bytes in size
> 
> In contrast a normal NTP request for a time sync is about 90 bytes in size
> 
> More information and some graphs can be found here: http://www.micron21.com/ddos-ntp.php
> 
> Kindest Regards
> 
>    
> James Braunegg

Do these .py's do anything else different to the query packets than "normal" ntp clients? (254TTL instead of the more common 63TTL for "normal" clients.)
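
An added example, not part of either message: the size test from the quoted post applied next to a check of the NTP mode field, so the two can be compared on the same packets. It assumes the quoted sizes are Ethernet frame lengths (UDP payload plus 42 bytes of Ethernet, IPv4 and UDP headers); `classify`, `summarize` and the sample payloads are constructed for illustration.

```python
# Added example, not code from the thread. All sample payloads are constructed.
ETH_IP_UDP = 14 + 20 + 8               # assumed overhead: no VLAN tag, no IP options
THREAD_REQUEST_SIZES = {50, 60, 234}   # request sizes quoted in the thread
MONLIST_CODES = {20, 42}               # REQ_MON_GETLIST, REQ_MON_GETLIST_1 (ntp_request.h)


def classify(payload):
    """Return (label, size_hit) for one inbound UDP/123 payload.

    label comes from the NTP header; size_hit is True when the assumed
    frame length equals one of the sizes listed in the thread.
    """
    size_hit = (len(payload) + ETH_IP_UDP) in THREAD_REQUEST_SIZES
    if len(payload) < 4:
        return "malformed", size_hit
    mode = payload[0] & 0x07           # low three bits of the first byte
    if mode == 7:                      # private mode, used by ntpdc
        is_response = bool(payload[0] & 0x80)
        if not is_response and payload[3] in MONLIST_CODES:
            return "monlist-request", size_hit
        return "mode7-other", size_hit
    if mode == 6:                      # control mode, used by ntpq
        return "control", size_hit
    if mode in (1, 3) and len(payload) >= 48:
        return "time-sync", size_hit   # symmetric active or client request
    return "other", size_hit


def summarize(payloads):
    """Count (label, size_hit) pairs so disagreements between the tests stand out."""
    counts = {}
    for p in payloads:
        key = classify(p)
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed samples: a version 4 client request and two mode 7 requests.
SYNC = bytes([0x23]) + bytes(47)                    # 48-byte payload, 90-byte frame
MONLIST_SHORT = bytes([0x17, 0x00, 0x03, 0x2A]) + bytes(4)   # 8 bytes, 50-byte frame
MONLIST_LONG = MONLIST_SHORT + bytes(184)           # 192 bytes, 234-byte frame

if __name__ == "__main__":
    for key, n in sorted(summarize([SYNC, MONLIST_SHORT, MONLIST_LONG]).items()):
        print(n, key)
```

A pair such as `("monlist-request", False)` in live traffic would mean the header check flagged a request that the listed sizes did not.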


