On Feb 23, 2014, at 4:39 PM, James Braunegg <james.braunegg@micron21.com> wrote:
Dear All
I released a bit of a blog article last week about filtering NTP request traffic via packet size which might be of interest !
So far I known of an unknown tool makes a default request packet of 50 bytes in size ntpdos.py makes a default request packet of 60 bytes in size ntp_monlist.py makes a default request packet of 234 bytes in size monlist from ntpdc makes a default request packet of 234 bytes in size
In contrast a normal NTP request for a time sync is about 90 bytes in size
More information and some graphs can be found here http://www.micron21.com/ddos-ntp.php
Kindest Regards
James Braunegg
Do these .py's do anything else different to the query packets than "normal" ntp clients? (254TTL instead of the more common 63TTL for "normal" clients.)