Finding abusive NTP clients

Gary E. Miller gem at rellim.com
Sat Apr 16 21:58:17 UTC 2016


Yo Hal!

On Sat, 16 Apr 2016 12:46:13 -0700
Hal Murray <hmurray at megapathdsl.net> wrote:

> >      1   0.51  1f0 L 3 3 2877243 18012 202.136.171.166
> >      0   1.14  1f0 L 3 4 1282569 54878 52.74.115.126   
> 
> Wow!  The bottom two take the record.  If I read that right, they
> have been hammering away for over 2 weeks.

Just as likely those are the victims, not the abusers.

AFAIK the 52.74.115.126 is not even up now.  The 202.136.171.166 will
answer ping, but has no common open TCP or UDP ports.

And do not expect to get any reply from NTT or AWS.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntpsec.org/pipermail/devel/attachments/20160416/0b8e37ad/attachment.bin>


More information about the devel mailing list