[ntp:questions] better rate limiting against amplification attacks?
nomail at example.com
Fri Dec 27 18:30:38 UTC 2013
Brian Utterback <brian.utterback at oracle.com> wrote:
> Not at all. I am asking the parameters of the attack. Is the current
> software solution sufficient to stop such attacks? If so, then the
> solution is for the servers to upgrade. Indeed, no solution we craft for
> the current software development will help sites that do not upgrade.
When the problem of reflection attacks can be solved by an upgrade,
that is a strong motive for people (and distributors!) to finally
But I am not aware of more fine-grained rate limiting in the newest
version. Is there any?
> So, if the current software is subject to attack, is the attack always
> via mrulist or does the peer command also cause a problem? If it is
I don't know what methods exactly are used, I have not been a victim
myself yet. But in principle any UDP protocol that replies with much
larger packets than the request that triggers them is a potential
victim, as has already been shown with DNS as well.
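To make the point about reply size and per-source rate limiting concrete, here is an added toy model (it is not ntpd's code and does not reproduce the NTP or DNS wire format). The reflector answers every query with a fixed-size response; with a per-source token bucket, the bytes that can be bounced at any one spoofed address are bounded. The 48-byte request and 1200-byte response, the 1/s rate with burst 5, and the IP addresses are constructed sample values.

```python
"""Toy model of a UDP reflector with per-source response rate limiting.

Added illustration for the thread above, not ntpd's code; it does not
reproduce the NTP (or DNS) wire format. Packet sizes and limiter
parameters are constructed sample values.
"""
from collections import defaultdict
from typing import Optional


def amplification_factor(request_bytes: int, response_bytes: int) -> float:
    """Bandwidth amplification: bytes delivered to the spoofed source per byte
    the attacker had to send. Anything well above 1 makes a reflector attractive."""
    if request_bytes <= 0:
        raise ValueError("request size must be positive")
    return response_bytes / request_bytes


class TokenBucket:
    """Per-source token bucket kept in integer milli-tokens so the arithmetic is exact.

    `rate` is the sustained number of responses per second, `burst` how many
    may be answered back to back before the limit bites."""

    def __init__(self, rate: int, burst: int):
        self.rate = rate
        self.capacity = burst * 1000
        self.tokens = self.capacity
        self.last_ms = 0

    def allow(self, now_ms: int) -> bool:
        # rate tokens per second is rate milli-tokens per millisecond.
        self.tokens = min(self.capacity, self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class Reflector:
    """Answers every query with a fixed-size response. If `rate` is given, each
    source address is limited independently (in an attack that is the spoofed
    victim's address), in the spirit of DNS response rate limiting."""

    def __init__(self, response_bytes: int, rate: Optional[int] = None, burst: int = 1):
        self.response_bytes = response_bytes
        self.rate = rate
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))
        self.bytes_sent = defaultdict(int)  # bytes sent per source address

    def handle(self, src_ip: str, now_ms: int) -> int:
        """Return the number of bytes sent back to src_ip (0 if the reply is dropped)."""
        if self.rate is not None and not self.buckets[src_ip].allow(now_ms):
            return 0
        self.bytes_sent[src_ip] += self.response_bytes
        return self.response_bytes


def simulate_flood(reflector: Reflector, victim_ip: str, pps: int, seconds: int) -> int:
    """Attacker sends `pps` spoofed queries per second carrying `victim_ip` as the
    source address for `seconds`; return the bytes the reflector sends to the victim."""
    step_ms = 1000 // pps
    total = 0
    for i in range(pps * seconds):
        total += reflector.handle(victim_ip, i * step_ms)
    return total


if __name__ == "__main__":
    # Constructed sizes: a 48-byte query answered with a 1200-byte response.
    REQ, RESP = 48, 1200
    print(f"amplification factor: {amplification_factor(REQ, RESP):.1f}x")
    victim = "192.0.2.10"  # documentation address standing in for the spoofed victim
    unlimited = Reflector(RESP)
    limited = Reflector(RESP, rate=1, burst=5)
    print("reflected without limiting:", simulate_flood(unlimited, victim, 1000, 10), "bytes")
    print("reflected with 1/s, burst 5:", simulate_flood(limited, victim, 1000, 10), "bytes")
```

Running it shows the shape of the problem: 10 seconds of 1000 spoofed queries per second cost the attacker about 480 KB and, unlimited, land 12 MB on the victim; with the per-source bucket only a burst plus one response per second gets through. The usual caveat applies to any per-source scheme: since the attacker chooses the source address, a flood that spoofs a legitimate client's address also gets that client's replies dropped, so the limit bounds the damage rather than removing it.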