[c-nsp] NTP DDoS
Phil Mayers
p.mayers at imperial.ac.uk
Tue Feb 18 05:48:47 EST 2014
On 18/02/14 09:20, Dobbins, Roland wrote:
>
> On Feb 18, 2014, at 2:15 PM, Aaron <aaron1 at gvtc.com> wrote:
>
>> Usually nfsen seems to be pretty accurate, is there a reason for
>> that ~40 gbps reading during that ntp attack ?
>
> Have you set your active flow timer to 60s/1m, so as to avoid
> backlogged spikes?
AFAIK nfdump uses the start/end time in the flows to calculate pps, so
would this matter? Or is it a result of the sampling maths?
More information about the cisco-nsp
mailing list