[ntp:questions] NTP Denial of Service attack 29 November 2011

Rob nomail at example.com
Wed Nov 30 13:49:24 UTC 2011

Danny Mayer <mayer at ntp.org> wrote:
> On 11/30/2011 4:35 AM, Rob wrote:
>> Danny Mayer <mayer at ntp.org> wrote:
>>> On 11/29/2011 4:57 PM, Rich wrote:
>>>>> Isn't that a bit wide a range to block for only 4 IPs?
>>>>> What makes you think any further attacks will come from the same range?
>>>> Only my 17 years experience at the stratum 1 level.  I see little
>>>> value in providing NTP to Asian Pacific networks from Washington, DC.
>>> I agree. Not following the rules of engagement for stratum 1/2 servers
>>> can mean you block all NTP traffic from those nodes or issuing
>>> occasional KOD packets to those nodes.
>> Yes, sure.   But blocking an entire region because of 4 abusers?
> Yes. In this case they are not following the rules of engagement.
> Sending packets from another Continent doesn't make a lot of sense in
> any case.
> Danny

You must be quite naive when you think that there is a "they" that
work together in a /8 network range and that are following a common
strategy and/or objective.

But when you think your server should be open only to users of a single
continent, please use ALLOW rather than DENY rules.

More information about the questions mailing list