[ntp:questions] better rate limiting against amplification attacks?

Terje Mathisen terje.mathisen at tmsw.no
Sun Dec 29 09:55:50 UTC 2013


Steve Kostecke wrote:
> On 2013-12-28, Terje Mathisen <terje.mathisen at tmsw.no> wrote:
>
>> Harlan Stenn wrote:
>>
>>> The other ones I'd really like help with. I definitely want to see
>>> the network-related bugs fixed and 2367. I'd like to see some study
>>> done on 2016. I'm game to let the other ones slide.
>>
>> I've just gone through 2367 and I have to join Brian's side:
>>
>> I.e. if somebody adds NOSERVE to a client it would be perfectly fine
>> to let that override PEER or anything else: NOSERVE should only
>> be used on a pure end-node client, with no sideways or downstream
>> communication.
>
> This is a case of not being able to see the forest for the trees.
>
Please explain!

As I wrote in another post I believe the time is ripe for a sensible 
default builtin configuration, which can then be overridden with ntp.conf.

Your suggestion in your previous message is very similar to what I 
wanted, i.e. the default is to have a pure client using the pool.

As soon as you start writing detailed ntp.conf options I want you to 
have the ability to shoot yourself in the foot, if that is your wish.

Terje

-- 
- <Terje.Mathisen at tmsw.no>
"almost all programming can be viewed as an exercise in caching"


