NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Unusual outbound traffic on NetBSD 5_Stable Firewall



> "Eric Schnoebelen" <eric%cirr.com@localhost> writes:
> yancm%SDF.ORG@localhost writes:
> - Just recently my network started coming to a crawl and I noticed high
> - outbound traffic on my outward facing interface wm0 with no reciprocal
> - traffic from my home network on wm1.
> It sounds a bit like an amplification attack..
> Are you running ntp on the firewall?  Is it allowing/accepting
> connections from the public network?
> I ask because I've seen several of my own systems used as amplifiers
> in NTP amplification DDOS attacks on others.  (in the process,
> saturating my uplinks, effectively DOSing my networks.. :( )

Yes, ntpd, promiscuous...bad me...

Eric, yourself and Martin Husemann both pointed to the same thing.
I killed the process and added the flag -I wm1 so it only listens
inside as intended. I saw an immediate drop in traffic so it looks
like my ntp was being use as you say.

thanks to both of you for the quick responses!





Home | Main Index | Thread Index | Old Index