[ntp:questions] better rate limiting against amplification attacks?

Harlan Stenn stenn at ntp.org
Sun Dec 29 00:16:39 UTC 2013


As I recall from my discussions with DLM, we all agree that the current
code goes "too far" and needs to be changed.

DLM's point (OK, more properly, my recollection is that DLM's point) is
that he's concerned that Brian's fix is a bit "too early" and doing it
that way will open the door to more problems from carefully-crafted
malicious packets.  This is what I'm saying in
https://bugs.ntp.org/show_bug.cgi?id=2367#c9 .

The reason this and all of the other open bugs haven't been fixed yet is
because of lack of resources - there is *way* more work than the current
number of volunteers can handle and there isn't enough $ to let me hire
folks to work on these things.

If Network Time Foundation got US$2, once, for every device that uses
NTP we could fund the ongoing maintenance of and development for NTP off
of the earned interest.  This is a thumbnail estimate.

Over the past 3 years' time we've raised about $US0.0003 per device per
year, and the vast majority of the funds we raised came from only 3
companies.  If we can generate enough smaller support from lots of other
sources we'll be fine, and we need to double our current funding to be
able to hire folks to begin that effort.  This is what I've been working
on doing for the past 3 years' time, in addition to my "pure" NTP work.

Terje, you and many other folks have actively helped make NTP a really
awesome project, and I greatly appreciate your efforts and the efforts
of the other contributors.  Folks have contributed code, joined NTF as
individual members, and made cash donations.  This is all incredibly
helpful, and all I'm saying is that NTF needs to find a way to
significantly increase the level of support it's getting in order to
keep up the effort.
Harlan Stenn <stenn at ntp.org>
http://networktimefoundation.org - be a member!

More information about the questions mailing list