Recent NTP pool traffic increase

Laurent Dumont admin at
Mon Dec 19 18:29:19 UTC 2016

I also have a similar experience with an increased load.

I'm running a pretty basic Linode VPS and I had to fine tune a few 
things in order to deal with the increased traffic. I can clearly see a 
date around the 14-15 where my traffic increases to 3-4 times the usual 

I did a quick dump and in 60 seconds I was hit by slightly over 190K IPs

Weird stuff


On 12/17/2016 10:25 PM, Gary E. Miller wrote:
> Yo All!
> On Sat, 17 Dec 2016 17:54:55 -0800
> "Gary E. Miller" <gem at> wrote:
>> # tcpdump -nvvi eth0 port 123 |grep "Originator - Transmit Timestamp:"
>> And I do indeed get odd results.  Some on my local network...
> To follow up on my own post, so this can be promply laid to rest.
> After some discussion at NTPsec.  It seems that chronyd takes a lot
> of 'creative license' with RFC 5905 (NTPv4).  But it is not malicious,
> just 'odd', and not new.
> So, nothing see here, back to the hunt for the real cause of the new
> NTP traffic.
> ---------------------------------------------------------------------------
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
> 	gem at  Tel:+1 541 382 8588

More information about the NANOG mailing list