On Friday 16 November 2007 11.29:56 Mario Iseli wrote:
Hi,
my 3 servers in my personal serverfarm are all listed in the ch.pool.ntp.org zone. As I think there are also other SwiNOG people running ntpd's for that project. For about 36 hours my firewall log is growing and growing, looks like a distributed attack from a botnet. Has anyone the same problem?
Hi
A while ago I noticed the same. They were all IP-Address from Turk Telecom. Apparently they have put the pool into the config or their customers ADSL or whatever router but their DNS are not round-robin, so if they 'reboot the internet' the timeserver whose address is listed first gets the full load.
Their abuse department is absolutely email-deaf. If you call them they're not able to find anyone speaking english.
The load dissolves after 48hours or so.
-Benoit-