[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Recent NTP pool traffic increase
I also have a similar experience with an increased load.
I'm running a pretty basic Linode VPS and I had to fine tune a few
things in order to deal with the increased traffic. I can clearly see a
date around the 14-15 where my traffic increases to 3-4 times the usual
amounts.
I did a quick dump and in 60 seconds I was hit by slightly over 190K IPs
http://i.imgur.com/mygYINk.png
Weird stuff
Laurent
On 12/17/2016 10:25 PM, Gary E. Miller wrote:
> Yo All!
>
> On Sat, 17 Dec 2016 17:54:55 -0800
> "Gary E. Miller" <gem at rellim.com> wrote:
>
>> # tcpdump -nvvi eth0 port 123 |grep "Originator - Transmit Timestamp:"
>>
>> And I do indeed get odd results. Some on my local network...
> To follow up on my own post, so this can be promply laid to rest.
>
> After some discussion at NTPsec. It seems that chronyd takes a lot
> of 'creative license' with RFC 5905 (NTPv4). But it is not malicious,
> just 'odd', and not new.
>
> So, nothing see here, back to the hunt for the real cause of the new
> NTP traffic.
>
> RGDS
> GARY
> ---------------------------------------------------------------------------
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
> gem at rellim.com Tel:+1 541 382 8588