[ntp:questions] Local (own site) NTP servers.

Richard B. Gilbert rgilbert88 at comcast.net
Fri Jul 24 13:28:36 UTC 2009


David Woolley wrote:
> Hal Murray wrote:
> 
>>
>> Please see:
>>   http://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
> 
> Although probably true about this case, a quick skim makes me think that 
> this article breaks the Original Research rules for Wikipedia.  I think 
> any one incident would be borderline on the rule, but associating the 
> incidents without a source for the analysis of their relationship seems 
> to me to be over the line.

Both incidents are well known.  Their only "relationship" was in having 
a poorly designed and/or a poorly implemented NTP client which caused 
particular servers to be bombarded with thousands of requests per second.

The "fix" was adding to the RFC a requirement that a client failing to 
get a reply "back off" exponentially; e.g. if you don't get a reply, 
double the interval between requests!  If this is correctly implemented 
it results in the client increasing the interval between requests until 
queries are sent at intervals of 1024 seconds.

There is also a "Kiss of Death" packet which will cause a conforming 
implementation to cease polling the server issuing the K.O.D.

At this point, anyone who causes a repeat incident risks being laughed 
off the planet!!

I'd make a small bet that there will be another incident!  Never 
underestimate the power of human stupidity!!
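
The back-off and Kiss-of-Death behaviour described in the message above, sketched as an added example that is not part of the original post or of any NTP implementation. The 64-second starting interval, the `Poller` class and the helper names are assumptions for illustration; the 1024-second ceiling is the one given in the message, and the kiss codes are those defined in RFC 5905.

```python
import struct

MIN_POLL = 64     # assumed starting interval in seconds (not stated in the post)
MAX_POLL = 1024   # ceiling given in the post
STOP_CODES = {b"DENY", b"RSTR"}  # RFC 5905 kiss codes: stop polling this server

def make_reply(stratum, refid):
    """Constructed 48-byte server reply (LI=0, VN=4, mode=4); other fields zero."""
    return struct.pack("!BBbb", 0x24, stratum, 6, -20) + bytes(8) + refid + bytes(32)

def kiss_code(packet):
    """Return the 4-byte kiss code if packet is a Kiss-of-Death reply, else None."""
    if packet is None or len(packet) < 48:
        return None
    # A KoD reply carries stratum 0 and an ASCII code in the reference ID field.
    return packet[12:16] if packet[1] == 0 else None

class Poller:
    """Hypothetical client-side poll scheduler for one server."""
    def __init__(self):
        self.interval = MIN_POLL
        self.stopped = False

    def on_result(self, packet):
        """packet is None on timeout. Returns the next interval, or None if stopped."""
        code = kiss_code(packet)
        if code in STOP_CODES:
            self.stopped = True          # conforming client ceases polling
            return None
        no_reply = packet is None or len(packet) < 48
        if no_reply or code == b"RATE":
            # No usable answer, or the server asked us to slow down: double, capped.
            self.interval = min(self.interval * 2, MAX_POLL)
        return self.interval             # a good reply leaves the interval unchanged

def simulate(results):
    """Feed a sequence of poll results to a fresh Poller; return the intervals chosen."""
    poller, chosen = Poller(), []
    for packet in results:
        chosen.append(poller.on_result(packet))
        if poller.stopped:
            break
    return chosen

if __name__ == "__main__":
    print(simulate([None] * 6))
    print(simulate([None, make_reply(0, b"DENY"), None]))
```
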
