[ntp:questions] better rate limiting against amplification attacks?

David Woolley david at ex.djwhome.demon.invalid
Wed Jan 15 07:55:52 UTC 2014


On 27/12/13 10:24, Rob wrote:
> What is the NTP developers' position on implementation of better
> rate limiting options in ntpd?
>
> There are more and more amplification attacks against ntp servers,
> similar to those against open DNS resolvers.  A small packet sent
> with a spoofed source address (allowed by a lame ISP) results in
> a large reply from ntpd, sent to the victim of the attack.

CERT have just issued an alert about the monlist attack:
<https://www.us-cert.gov/ncas/alerts/TA14-013A> (TA14-013A: NTP
Amplification Attacks Using CVE-2013-5211). The advice is to upgrade or
use restrict.
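
As an added illustration of the "use restrict" advice (not part of the original post and not code from the NTP project), this Python check reads ntp.conf text and reports default restrict rules that lack noquery, the flag that refuses ntpq/ntpdc queries such as monlist. The sample configurations, the host name and the function name audit_ntp_conf are constructed for the example.

```python
# Added example: audit ntp.conf text for default restrict rules that still
# answer ntpq/ntpdc queries (monlist is an ntpdc request).

# Constructed sample configurations; host name and paths are placeholders.
WEAK_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server ntp.example.net iburst
restrict default nomodify notrap
restrict -6 default nomodify notrap noquery   # IPv6 rule is already closed
restrict 127.0.0.1
"""

HARDENED_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server ntp.example.net iburst
restrict default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
"""

BLOCKING_FLAGS = {"noquery", "ignore"}  # either flag stops ntpq/ntpdc queries


def audit_ntp_conf(text):
    """Return [(line_number, message)] for default rules open to queries."""
    findings = []
    saw_default = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()    # drop comments, tokenize
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        args = tokens[1:]
        label = "default"
        if args[0] in ("-4", "-6"):              # explicit address family
            label = args[0] + " default"
            args = args[1:]
        if not args or args[0] != "default":
            continue                             # host/subnet rule: not audited
        saw_default = True
        if not BLOCKING_FLAGS & set(args[1:]):
            findings.append((lineno, "restrict %s lacks noquery" % label))
    if not saw_default:
        findings.append((0, "no restrict default rule found"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ntp_conf(conf) or "ok")
```

Rules for specific hosts or subnets are skipped on purpose; only the default rules decide what an arbitrary (possibly spoofed) source address is allowed to ask.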


