[ntp:questions] better rate limiting against amplification attacks?

Rob nomail at example.com
Fri Dec 27 18:30:38 UTC 2013


Brian Utterback <brian.utterback at oracle.com> wrote:
> Not at all. I am asking the parameters of the attack. Is the current 
> software solution sufficient to stop such attacks? If so, then the 
> solution is for the servers to upgrade. Indeed, no solution we craft for 
> the current software development will help sites that do not upgrade.

When the problem of reflection attacks can be solved by an upgrade,
that is a strong motive for people (and distributors!) to finally
upgrade.
But I am not aware of more fine-grained rate limiting in the newest
version.  Is there any?

> So, if the current software is subject to attack, is the attack always 
> via mrulist or does the peer command also cause a problem? If it is 

I don't know what methods exactly are used, I have not been a victim
myself yet.  But in principle any UDP protocol that replies with much
larger packets than the request that triggers them is a potential
victim, as has already been shown with DNS as well.
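To make the last point concrete, here is an added example (not ntpd's own rate limiting, and not code from anyone in this thread) of the kind of fine-grained, per-source limiting a reflector could apply: instead of counting requests, it charges each source address a token bucket in *response* bytes, so a tiny request that would trigger a large reply drains the budget quickly while ordinary clients, whose replies are about the size of their requests, are never affected. All addresses, packet sizes and timings below are constructed for the illustration and do not claim to be real NTP mode-7 or mode-3 sizes.

```python
"""Per-source response-byte budgeting for a UDP reflector (illustrative).

Added example, not ntpd's implementation. Every address, size and timestamp
here is constructed; they are not measurements of any real protocol.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


def amplification_factor(request_len: int, response_lens: List[int]) -> float:
    """Bytes sent back per byte received: the figure an attacker wants large."""
    if request_len <= 0:
        raise ValueError("request length must be positive")
    return sum(response_lens) / request_len


@dataclass
class _Bucket:
    tokens: float   # response bytes this source may still receive
    last: float     # time of the last refill


class ResponseByteLimiter:
    """Token bucket per source IP, charged in response bytes, not requests.

    A spoofed-source flood gets a short burst of answers and is then ignored
    until the bucket refills; a client sending small requests at a low rate
    never comes close to the limit.
    """

    def __init__(self, bytes_per_sec: float, burst_bytes: float):
        self.rate = bytes_per_sec
        self.burst = burst_bytes
        self.buckets: Dict[str, _Bucket] = {}

    def allow(self, src: str, response_len: int, now: float) -> bool:
        """Return True if a reply of response_len bytes may be sent to src."""
        b = self.buckets.get(src)
        if b is None:
            b = _Bucket(tokens=self.burst, last=now)
            self.buckets[src] = b
        elapsed = max(0.0, now - b.last)
        b.tokens = min(self.burst, b.tokens + elapsed * self.rate)
        b.last = now
        if b.tokens >= response_len:
            b.tokens -= response_len
            return True
        return False


# (time_seconds, source_ip, request_len, response_len_that_it_would_trigger)
Datagram = Tuple[float, str, int, int]


def build_constructed_traffic() -> List[Datagram]:
    """Constructed sample: a spoofed flood naming a victim, plus one real client."""
    victim = "203.0.113.5"     # spoofed source, i.e. the reflection target
    client = "198.51.100.9"    # ordinary client
    # 200 tiny requests in one second, each triggering a 4400-byte reply
    flood = [(i * 0.005, victim, 8, 4400) for i in range(200)]
    # one 48-byte request every 16 s, each triggering a 48-byte reply
    normal = [(16.0 * i, client, 48, 48) for i in range(4)]
    return flood + normal


def simulate(limiter: ResponseByteLimiter, datagrams: List[Datagram]) -> Dict[str, dict]:
    """Run the datagrams through the limiter and return per-source counters."""
    stats = defaultdict(lambda: {"answered": 0, "dropped": 0,
                                 "bytes_in": 0, "bytes_out": 0})
    for t, src, req_len, resp_len in datagrams:
        s = stats[src]
        s["bytes_in"] += req_len
        if limiter.allow(src, resp_len, t):
            s["answered"] += 1
            s["bytes_out"] += resp_len
        else:
            s["dropped"] += 1
    return dict(stats)


if __name__ == "__main__":
    print("unlimited amplification of the constructed exchange:",
          amplification_factor(8, [440] * 10))
    lim = ResponseByteLimiter(bytes_per_sec=2000, burst_bytes=20000)
    for src, s in simulate(lim, build_constructed_traffic()).items():
        print(src, s, "effective factor:", s["bytes_out"] / s["bytes_in"])
```

With these constructed numbers the flood gets four replies before its bucket is empty and the remaining 196 requests are dropped, so the victim sees 17600 bytes instead of 880000, while the real client is answered every time. The budget is keyed on the source address precisely because that is the field the attacker spoofs; the limiter protects the victim, not the reflector.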


