Recent NTP pool traffic increase

Laurent Dumont admin at coldnorthadmin.com
Mon Dec 19 18:29:19 UTC 2016


I also have a similar experience with an increased load.

I'm running a pretty basic Linode VPS and I had to fine tune a few 
things in order to deal with the increased traffic. I can clearly see a 
date around the 14-15 where my traffic increases to 3-4 times the usual 
amounts.

I did a quick dump and in 60 seconds I was hit by slightly over 190K IPs

http://i.imgur.com/mygYINk.png

Weird stuff

Laurent


On 12/17/2016 10:25 PM, Gary E. Miller wrote:
> Yo All!
>
> On Sat, 17 Dec 2016 17:54:55 -0800
> "Gary E. Miller" <gem at rellim.com> wrote:
>
>> # tcpdump -nvvi eth0 port 123 |grep "Originator - Transmit Timestamp:"
>>
>> And I do indeed get odd results.  Some on my local network...
> To follow up on my own post, so this can be promply laid to rest.
>
> After some discussion at NTPsec.  It seems that chronyd takes a lot
> of 'creative license' with RFC 5905 (NTPv4).  But it is not malicious,
> just 'odd', and not new.
>
> So, nothing see here, back to the hunt for the real cause of the new
> NTP traffic.
>
> RGDS
> GARY
> ---------------------------------------------------------------------------
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
> 	gem at rellim.com  Tel:+1 541 382 8588



More information about the NANOG mailing list