Recent NTP pool traffic increase
Ask Bjørn Hansen
ask at develooper.com
Mon Dec 19 02:26:34 UTC 2016
> On Dec 15, 2016, at 14:45, Jose Gerardo Perales Soto <gerardo.perales at axtel.com.mx> wrote:
> We've recently experienced a traffic increase on the NTP queries to NTP pool project (pool.ntp.org) servers. One theory is that some service provider NTP infraestructure failed approximately 2 days ago and traffic is now being redirected to servers belonging to the NTP pool project.
It’s more widespread than a particular service provider, so it seems more likely it’s a software update for some “IoT” device or similar.
The increase in DNS queries was on the “non-vendor” names, so it’s difficult to know who it is without being on a local network with one of the bad device
The increase in DNS queries is much smaller than the increase in NTP queries that are being seen, so it’s not just more clients, but badly behaving ones. :-(
If you have NTP servers that can be added to the pool. it’d be greatly appreciated.
More information about the NANOG