[ntp:questions] NTP Denial of Service attack 29 November 2011

Danny Mayer mayer at ntp.org
Wed Nov 30 22:34:21 UTC 2011


On 11/30/2011 12:26 PM, Rob wrote:
> unruh <unruh at invalid.ca> wrote:
>> On 2011-11-30, Rob <nomail at example.com> wrote:
>>> Danny Mayer <mayer at ntp.org> wrote:
>>>> On 11/29/2011 4:57 PM, Rich wrote:
>>>>>
>>>>>> Isn't that a bit wide a range to block for only 4 IPs?
>>>>>> What makes you think any further attacks will come from the same range?
>>>>>>
>>>>> Only my 17 years' experience at the stratum 1 level.  I see little
>>>>> value in providing NTP to Asian Pacific networks from Washington, DC.
>>>>
>>>>
>>>> I agree. Not following the rules of engagement for stratum 1/2 servers
>>>> can mean you block all NTP traffic from those nodes or issue
>>>> occasional KOD packets to those nodes.
>>>
>>> Yes, sure.   But blocking an entire region because of 4 abusers?
>>
>> Why not? As he says, he sees no reason to supply time to somewhere half
>> a world away. It would be lousy time anyway. And if providing it causes
>> trouble as well, that makes the decision easy. 
> 
> He does not only block entire /8 networks based on his own evaluation
> of the value of his service to people in those networks, he also advises
> others to do the same.
> 
> That means he is not really concerned that the time service of his server
> would be of no value to those people; he just wants to deprive the
> people of that network from all NTP service.
> 
> I think it is disgusting.  Hackers live everywhere, also in the USA.
> Cutting off a whole region from NTP service is not going to solve that.
> When they really are after his service, the hackers will quickly find
> a network from where they can DOS his server and which he cannot cut
> off so lightheartedly at /8 level.
> 
> But the worst is his recommendation to others to do the same.
> Everyone can decide what networks to block on his servers based on his
> own personal judgement and service criteria.  But recommending others
> to blindly follow that is well over the line of acceptable.

Rich works for the US Military and as such he can decide what's best for
the US Military. His recommendations to others are just that. As for
hackers, if this was being sent from the different places in the US it
would have been a different decision and recommendation. The FBI would
also be out investigating. They still may be.

Danny


