Recent NTP pool traffic increase
dan-nanog at drown.org
Fri Dec 16 03:09:58 UTC 2016
Quoting Roland Dobbins <rdobbins at arbor.net>:
> Do you have flow telemetry, which provides a lot more information
> than basic pps/bps stats?
Sources are pretty widely spread out among cell networks/home
internet, seem to be mostly US based. I'm not seeing a large amount
of traffic per single IP or single subnet. This seems more like
"someone pushed out bad firmware" rather than something malicious.
> Are you seeing normal timesync queries, or lots of level-6/level-7
> admin command attempts?
SNTP Client timesync queries make up 91.3% of the traffic to my server.
The following NTP settings being most the popular (47% of all traffic
to my server):
stratum=0, poll=4, precision=-6, root delay=1, root dispersion=1,
reference timestamp=0, originator timestamp=0,
More information about the NANOG