[ntp:questions] Very rapid polling
Unruh
unruh-spam at physics.ubc.ca
Mon Feb 23 18:12:40 UTC 2009
jlevine <jlevine at boulder.nist.gov> writes:
>Thanks to all of you who responded to my initial post regarding very rapid
>polling. I have fixed this particular instance with some cooperation from the
>ISP. However, the generic problem remains and is likely to re-appear.
Could you tell us what the problem was? Was it an attack or a
misconfiguration or a bug in some program?
>I don't know of a good general solution to this problem because:
> 1. the KOD packets are generally not effective. Either the remote software
>does not recognize them or it chooses to ignore them. The KOD method
>obviously would not work against an attack.
> 2. Sending any reply at all doubles the network traffic and makes an
>attack more effective. Therefore, all of the NIST servers log the event and
>the source ip but do not respond. I think it is not appropriate for a national
>timing laboratory to knowingly send the wrong time.
> 3. This sort of stuff is really more general than NTP -- denial of service
>attacks can use many different protocols and a more general network
>solution is going to be needed.
> 4. A serious denial-of-service attack probably requires a botnet to cause
>real trouble, and fixing that problem might reduce the impact of all denial
>of service attacks.
>Judah Levine
>Time and Frequency Division
>NIST Boulder
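
The log-and-do-not-respond policy from point 2 of the quoted message, sketched as an added example that is not part of the original posts and is not NIST's server code. The class name `PollingMonitor`, the 60 s window, the 8-request limit, the source-table cap and the sample addresses (documentation ranges, constructed) are all assumptions.

```python
from collections import defaultdict, deque

class PollingMonitor:
    """Per-source sliding window: answer normally, or drop silently and log."""

    def __init__(self, window_s=60.0, max_requests=8, max_sources=100_000):
        # All three limits are assumed values for illustration.
        self.window_s, self.max_requests = window_s, max_requests
        self.max_sources = max_sources
        self.seen = {}                   # src_ip -> recent arrival times
        self.limited = set()             # sources currently over the limit
        self.dropped = defaultdict(int)  # src_ip -> requests left unanswered
        self.log = []                    # (time, src_ip), once per drop onset

    def should_answer(self, src_ip, now):
        q = self.seen.get(src_ip)
        if q is None:
            if len(self.seen) >= self.max_sources:
                # Bound memory when many distinct (possibly spoofed) sources
                # appear: forget the source idle longest (O(n) scan, fine here).
                idle = min(self.seen, key=lambda ip: self.seen[ip][-1])
                del self.seen[idle]
                self.limited.discard(idle)
            # Only max_requests + 1 timestamps are needed to decide.
            q = self.seen[src_ip] = deque(maxlen=self.max_requests + 1)
        while q and now - q[0] >= self.window_s:
            q.popleft()
        q.append(now)  # dropped requests still count against the source
        if len(q) <= self.max_requests:
            self.limited.discard(src_ip)
            return True
        if src_ip not in self.limited:   # log the event once, not per packet
            self.limited.add(src_ip)
            self.log.append((now, src_ip))
        self.dropped[src_ip] += 1
        return False                     # no reply at all, and no KoD

def replay(events, monitor):
    """Feed (time, src_ip) pairs in time order; return answered/dropped counts."""
    answered = defaultdict(int)
    for now, src_ip in sorted(events):
        if monitor.should_answer(src_ip, now):
            answered[src_ip] += 1
    return dict(answered), dict(monitor.dropped)

# Constructed input: one client polling every 64 s, one polling every 0.1 s.
SAMPLE = ([(i * 64.0, "192.0.2.10") for i in range(5)]
          + [(i * 0.1, "198.51.100.7") for i in range(100)])

if __name__ == "__main__":
    print(replay(SAMPLE, PollingMonitor()))
```

Because dropped requests keep refreshing the window, a source is answered again only after it has stayed under the limit for a full window.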