[ntp:questions] NTP Denial of Service attack 29 November 2011

unruh unruh at invalid.ca
Wed Nov 30 17:18:16 UTC 2011


On 2011-11-30, Rob <nomail at example.com> wrote:
> Danny Mayer <mayer at ntp.org> wrote:
>> On 11/29/2011 4:57 PM, Rich wrote:
>>> 
>>>> Isn't that a bit wide a range to block for only 4 IPs?
>>>> What makes you think any further attacks will come from the same range?
>>>>
>>> Only my 17 years experience at the stratum 1 level.  I see little
>>> value in providing NTP to Asian Pacific networks from Washington, DC.
>>
>>
>> I agree. Not following the rules of engagement for stratum 1/2 servers
>> can mean you block all NTP traffic from those nodes or issuing
>> occasional KOD packets to those nodes.
>
> Yes, sure.   But blocking an entire region because of 4 abusers?

Why not. As he says, he sees no reason to supply time to somewhere half
a world away. It would be lousy time anyway. And if providing it causes
trouble as well, that makes the decision easy. 



More information about the questions mailing list