[ntp:questions] better rate limiting against amplification attacks?

Jochen Bern Jochen.Bern at LINworks.de
Fri Dec 27 22:50:55 UTC 2013


On 27 Dec 2013, Brian Utterback wrote:
> Is a peer list really a big problem? It generally doesn't make sense to 
> have much beyond 10 peers. Are there really a lot of servers with a lot 
> of peers?

If you mean to ask whether such a setup exists at all, here's a real
world example:

> # ntpdc -n -c monlist | wc -l
> 602

We ship appliances to SMBs whose factory-default setup points them to
this NTP server (i.e., no filtering by client IP). The local admin's
supposed to change the config to local NTP, SMTP, etc. etc. servers, but
not all of them do, to put it mildly. :-{

Typical? Certainly not. *Lots* of such servers? Hmmm, let's say
"possibly enough" (to still allow such attacks to happen unless they can
be prevented by careful configuration).

(FWIW, in the meantime, I added "nopeer", which I had initially left out
in favor of several "setvar ... default"s.)

Regards,
								J. Bern


More information about the questions mailing list