[ntp:questions] NTP Denial of Service attack 29 November 2011

Uwe Klein uwe at klein-habertwedt.de
Wed Nov 30 13:14:07 UTC 2011


Danny Mayer wrote:
> On 11/30/2011 4:35 AM, Rob wrote:
> 
>>Danny Mayer <mayer at ntp.org> wrote:
>>
>>>On 11/29/2011 4:57 PM, Rich wrote:
>>>
>>>>>Isn't that a bit wide a range to block for only 4 IPs?
>>>>>What makes you think any further attacks will come from the same range?
>>>>>
>>>>
>>>>Only my 17 years experience at the stratum 1 level.  I see little
>>>>value in providing NTP to Asian Pacific networks from Washington, DC.
>>>
>>>
>>>I agree. Not following the rules of engagement for stratum 1/2 servers
>>>can mean you block all NTP traffic from those nodes or issuing
>>>occasional KOD packets to those nodes.
>>
>>Yes, sure.   But blocking an entire region because of 4 abusers?
> 
> 
> Yes. In this case they are not following the rules of engagement.
> Sending packets from another Continent doesn't make a lot of sense in
> any case.
> 
> Danny

I would be surprised if South Korea and the PRC work together in a DDOS attack.

uwe



More information about the questions mailing list