[sorry this took me so long to reply to] > hi, can someone please describe and explain how the ntp attack works? bro > has it under it's "example attacks" directory... It's a buffer overflow attack. The common NTP implementation has an upper bound on the size of a message it expects to receive. Vern