by linsomniac
3109 days ago
I ran a public NTP server for around a decade. I finally stopped, but these sorts of vendor abuse weren't the reason why. We started running them before the NTP pool (though we eventually did include our servers in the pool). The worst it got was a largish regional ISP had put our servers in their CPE, and one day they had an event where they rebooted all of their CPE at once. That caused a noticeable spike in our network traffic.

The real DDoS that caused us to stop offering public DNS service was: misguided network admins. The week I had the second network admin calling me, asking why my network was attacking their network, and then started yelling at me over the phone and hung up in a huge huff. He had installed some sort of IDS and it was triggering on NTP traffic, and rather than investigate it he just called our emergency hotline and got me out of bed to deal with it. "Those packets you are receiving are in response to packets you are sending our NTP server asking for the time." was not the answer he was looking for I guess. :-(

Honestly, I was already mad from being woken up (the emergency hotline says it is for service outages only), and that it was the second call that week on it. So I take some blame in the call not going well. But this dude never stopped yelling at me.

The problem with running a public service is: The administration doesn't scale with the number of users.