[ntp:questions] NTP Denial of Service attack 29 November 2011

Danny Mayer mayer at ntp.org
Tue Nov 29 22:38:08 UTC 2011

On 11/29/2011 4:57 PM, Rich wrote:
>> Isn't that a bit wide a range to block for only 4 IPs?
>> What makes you think any further attacks will come from the same range?
> Only my 17 years experience at the stratum 1 level.  I see little
> value in providing NTP to Asian Pacific networks from Washington, DC.

I agree. Not following the rules of engagement for stratum 1/2 servers
can mean you block all NTP traffic from those nodes or issuing
occasional KOD packets to those nodes. It is also possible a vendor
thought it would be a great idea to hardcode some NTP server addresses
in their routers and switches. We've also see that happen too.


More information about the questions mailing list