[193043] in North American Network Operators' Group
Re: Recent NTP pool traffic increase
daemon@ATHENA.MIT.EDU (Dan Drown)
Thu Dec 15 22:10:02 2016
X-Original-To: nanog@nanog.org
Date: Thu, 15 Dec 2016 21:09:58 -0600
From: Dan Drown <dan-nanog@drown.org>
To: nanog@nanog.org
In-Reply-To: <D0A3DDFE-522A-4665-92FD-EAD7D1417E18@arbor.net>
Errors-To: nanog-bounces@nanog.org
Quoting Roland Dobbins <rdobbins@arbor.net>:
> Do you have flow telemetry, which provides a lot more information
> than basic pps/bps stats?
Sources are pretty widely spread out among cell networks/home
internet, seem to be mostly US based. I'm not seeing a large amount
of traffic per single IP or single subnet. This seems more like
"someone pushed out bad firmware" rather than something malicious.
> Are you seeing normal timesync queries, or lots of level-6/level-7
> admin command attempts?
SNTP Client timesync queries make up 91.3% of the traffic to my server.
The following NTP settings being the most popular (47% of all traffic
to my server):
stratum=0, poll=4, precision=-6, root delay=1, root dispersion=1,
reference timestamp=0, originator timestamp=0,
receive timestamp=0
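
The breakdown described in the message above (client timesync queries versus mode 6/7 packets, and the share matching the listed field values) can be reproduced from captured UDP/123 payloads. This is an added example, not part of the original post or the poster's tooling. It assumes "root delay=1" and "root dispersion=1" mean 1 second, and the function names and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

# 48-byte NTP header (RFC 5905): flags, stratum, poll, precision, root delay,
# root dispersion, reference ID, reference/origin/receive/transmit timestamps.
NTP_HEADER = struct.Struct("!BBbbII4sQQQQ")

# Field values listed in the post. Assumption: "root delay=1" and "root
# dispersion=1" mean 1 second, i.e. 0x00010000 in 16.16 fixed point.
FINGERPRINT = {"stratum": 0, "poll": 4, "precision": -6,
               "root_delay": 1.0, "root_dispersion": 1.0,
               "reference_ts": 0, "originate_ts": 0, "receive_ts": 0}

def parse_ntp(payload: bytes):
    """Return the header fields of one UDP/123 payload, or None if too short."""
    if len(payload) < NTP_HEADER.size:
        return None
    (flags, stratum, poll, precision, rdelay, rdisp,
     _refid, ref_ts, org_ts, rx_ts, _tx_ts) = NTP_HEADER.unpack_from(payload)
    return {"version": (flags >> 3) & 0x7, "mode": flags & 0x7,
            "stratum": stratum, "poll": poll, "precision": precision,
            "root_delay": rdelay / 65536, "root_dispersion": rdisp / 65536,
            "reference_ts": ref_ts, "originate_ts": org_ts, "receive_ts": rx_ts}

def classify(payload: bytes) -> str:
    """Bucket a payload by mode, then by whether it matches the fingerprint."""
    if not payload:
        return "malformed"
    mode = payload[0] & 0x7
    if mode in (6, 7):  # control/private packets may be shorter than 48 bytes
        return "control/private (mode 6/7)"
    fields = parse_ntp(payload)
    if fields is None:
        return "malformed"
    if mode != 3:  # 3 = client request
        return "other"
    if all(fields[k] == v for k, v in FINGERPRINT.items()):
        return "client, matches fingerprint"
    return "client, other"

def summarize(payloads):
    """Percentage of packets per bucket."""
    counts = Counter(classify(p) for p in payloads)
    total = sum(counts.values()) or 1
    return {k: round(100 * n / total, 1) for k, n in counts.items()}

# Constructed sample payloads (not captured traffic).
SAMPLE_MATCH = NTP_HEADER.pack(0x1B, 0, 4, -6, 0x10000, 0x10000, b"\0" * 4, 0, 0, 0, 0xDEADBEEF00000000)
SAMPLE_NTPD = NTP_HEADER.pack(0x23, 2, 6, -20, 0x0800, 0x0A00, b"\x0a\0\0\x01", 1, 2, 3, 4)
SAMPLE_MODE6 = bytes([0x16, 0x02, 0, 1]) + b"\0" * 8
```

Feeding `summarize()` the UDP payloads from a capture on port 123 gives the same kind of percentages quoted in the message.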