[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Filter NTP traffic by packet size?

Subject: Filter NTP traffic by packet size?
From: sjt5atra at gmail.com (sjt5atra)
Date: Sun, 23 Feb 2014 18:38:52 -0500
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <CAB8g2zxHQa5s=JA=ajV6itLg_y+itLhVPdoRtOikUFS5qhcOVA@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <CA+E3k92tSRhzBbu5gEAAyfg63cq-2Et7BdKX6CHU9nL7ms53+w@mail.gmail.com> <CA+E3k91zKtd-OTBBzndam80_v2zhFPWsUgrrVA2J=uf97Y_EsQ@mail.gmail.com> <[email protected]> <[email protected]>

> On Feb 23, 2014, at 4:39 PM, James Braunegg <james.braunegg at micron21.com> wrote:
> 
> Dear All
> 
> I released a bit of a blog article last week about filtering NTP request traffic via packet size which might be of interest !
> 
> So far I known of an unknown tool makes a default request packet of 50 bytes in size
> ntpdos.py makes a default request packet of 60 bytes in size
> ntp_monlist.py makes a default request packet of 234 bytes in size
> monlist from ntpdc makes a default request packet of 234 bytes in size
> 
> In contrast a normal NTP request for a time sync is about 90 bytes in size
> 
> More information and some graphs can be found here  http://www.micron21.com/ddos-ntp.php
> 
> Kindest Regards
> 
>    
> James Braunegg

Do these .py's do anything else different to the query packets than "normal" ntp clients? (254TTL instead of the more common 63TTL for "normal" clients.)

References:
- Filter NTP traffic by packet size?
  - From: claffin at peer1.com (Chris Laffin)
- Filter NTP traffic by packet size?
  - From: swmike at swm.pp.se (Mikael Abrahamsson)
- Filter NTP traffic by packet size?
  - From: peter.phaal at gmail.com (Peter Phaal)
- Filter NTP traffic by packet size?
  - From: sthaug at nethelp.no (sthaug at nethelp.no)
- Filter NTP traffic by packet size?
  - From: lukasz at bromirski.net (Lukasz Bromirski)
- Filter NTP traffic by packet size?
  - From: george.herbert at gmail.com (George William Herbert)
- Filter NTP traffic by packet size?
  - From: royce at techsolvency.com (Royce Williams)
- Filter NTP traffic by packet size?
  - From: royce at techsolvency.com (Royce Williams)
- Filter NTP traffic by packet size?
  - From: joelja at bogus.com (joel jaeggli)
- Filter NTP traffic by packet size?
  - From: james.braunegg at micron21.com (James Braunegg)

Prev by Date: Filter NTP traffic by packet size?
Next by Date: Filter NTP traffic by packet size?
Previous by thread: Filter NTP traffic by packet size?
Next by thread: Filter NTP traffic by packet size?
Index(es):
- Date
- Thread