[193089] in North American Network Operators' Group
Re: Recent NTP pool traffic increase
daemon@ATHENA.MIT.EDU (Laurent Dumont)
Mon Dec 19 13:29:24 2016
X-Original-To: nanog@nanog.org
To: nanog@nanog.org
From: Laurent Dumont <admin@coldnorthadmin.com>
Date: Mon, 19 Dec 2016 13:29:19 -0500
In-Reply-To: <20161217192538.7b74386f@spidey.rellim.com>
Errors-To: nanog-bounces@nanog.org
I also have a similar experience with an increased load.
I'm running a pretty basic Linode VPS and I had to fine tune a few
things in order to deal with the increased traffic. I can clearly see a
date around the 14-15 where my traffic increases to 3-4 times the usual
amounts.
I did a quick dump and in 60 seconds I was hit by slightly over 190K IPs
http://i.imgur.com/mygYINk.png
Weird stuff
Laurent
On 12/17/2016 10:25 PM, Gary E. Miller wrote:
> Yo All!
>
> On Sat, 17 Dec 2016 17:54:55 -0800
> "Gary E. Miller" <gem@rellim.com> wrote:
>
>> # tcpdump -nvvi eth0 port 123 |grep "Originator - Transmit Timestamp:"
>>
>> And I do indeed get odd results. Some on my local network...
> To follow up on my own post, so this can be promply laid to rest.
>
> After some discussion at NTPsec. It seems that chronyd takes a lot
> of 'creative license' with RFC 5905 (NTPv4). But it is not malicious,
> just 'odd', and not new.
>
> So, nothing see here, back to the hunt for the real cause of the new
> NTP traffic.
>
> RGDS
> GARY
> ---------------------------------------------------------------------------
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
> gem@rellim.com Tel:+1 541 382 8588
