[ntp:questions] Clogging defense

David L. Mills mills at udel.edu
Thu Nov 6 18:52:40 UTC 2003


USNO has installed the call-gap clogging defense feature in the latest
NTPv4 on all their public servers and reports it works well. Busy server
tick.usno.navy.mil has been the victim of a 2000-PPS attack by dirty rotten
scoundrels, which was why the feature was turned up. Just now it is
running at 440 PPS with one packet in five discarded by call-gap. With
the default parameters, a packet arriving less than one second after
another from the same IP address is nixed and a Kiss-o'-Death (KoD)
packet returned. However, KoD packets are rate limited to no more than
one per second in the aggregate. KoD packets from call-gap can be
recognized by a RATE kiss code. If anybody spots one of these, please
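
The following sketch is an added illustration, not part of the original message and not ntpd's code. It models the call-gap policy with the defaults quoted above and shows how a client or monitor can recognize a RATE KoD reply (stratum 0 with an ASCII kiss code in the reference ID field). The class and function names, the sample arrivals, and the choice to let every arrival restart the per-address gap are assumptions.

```python
import struct

MIN_GAP = 1.0       # default from the post: minimum spacing per source IP, seconds
KOD_INTERVAL = 1.0  # from the post: at most one KoD per second in aggregate

class CallGap:
    """Model of the policy as the post describes it (not ntpd's implementation)."""
    def __init__(self):
        self.last_seen = {}   # source IP -> arrival time of its previous packet
        self.last_kod = None  # when a KoD was last sent to any client

    def handle(self, src_ip, now):
        prev = self.last_seen.get(src_ip)
        self.last_seen[src_ip] = now  # assumption: every arrival restarts the gap
        if prev is None or now - prev >= MIN_GAP:
            return "serve"
        if self.last_kod is None or now - self.last_kod >= KOD_INTERVAL:
            self.last_kod = now
            return "drop+kod"
        return "drop"         # discarded silently: KoD budget already spent

def kiss_code(packet):
    """Return the 4-letter kiss code of an NTP packet, or None if not a KoD."""
    if len(packet) < 48:
        return None
    refid = packet[12:16]     # reference ID field of the NTP header
    if packet[1] != 0 or not refid.isalpha():   # KoD: stratum 0, ASCII code
        return None
    return refid.decode("ascii")

def make_reply(stratum, refid):
    """Constructed 48-byte server-mode reply (VN=4, mode=4) for the demo."""
    first = (3 if stratum == 0 else 0) << 6 | 4 << 3 | 4  # LI=3 when unsynchronized
    return struct.pack("!BBbbII4s32x", first, stratum, 4, -20, 0, 0, refid)

# Constructed arrivals (documentation addresses), not captured traffic.
ARRIVALS = [("192.0.2.1", 0.0), ("192.0.2.1", 0.2), ("192.0.2.2", 0.5),
            ("192.0.2.2", 0.6), ("192.0.2.1", 1.5), ("192.0.2.1", 1.6)]

def run_trace(arrivals=ARRIVALS):
    gate = CallGap()
    return [gate.handle(ip, t) for ip, t in arrivals]

if __name__ == "__main__":
    for (ip, t), verdict in zip(ARRIVALS, run_trace()):
        print(f"{t:4.1f}s {ip:<10} {verdict}")
    print(kiss_code(make_reply(0, b"RATE")), kiss_code(make_reply(2, bytes([192, 0, 2, 1]))))
```

In the trace, the second address's early packet at 0.6 s is dropped without a KoD because the aggregate KoD allowance was already used at 0.2 s.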

