[ntp:questions] better rate limiting against amplification attacks?
Terje Mathisen
terje.mathisen at tmsw.no
Sun Dec 29 09:55:50 UTC 2013
Steve Kostecke wrote:
> On 2013-12-28, Terje Mathisen <terje.mathisen at tmsw.no> wrote:
>
>> Harlan Stenn wrote:
>>
>>> The other ones I'd really like help with. I definitely want to see
>>> the network-related bugs fixed and 2367. I'd like to see some study
>>> done on 2016. I'm game to let the other ones slide.
>>
>> I've just gone through 2367 and I have to join Brian's side:
>>
>> I.e. if somebody adds NOSERVE to a client it would be perfectly fine
>> to let that override PEER or anything else: NOSERVE should only
>> be used on a pure end-node client, with no sideways or downstream
>> communication.
>
> This is a case of not being able to see the forest for the trees.
>
Please explain!

As I wrote in another post, I believe the time is ripe for a sensible
default builtin configuration, which can then be overridden with ntp.conf.

Your suggestion in your previous message is very similar to what I
wanted, i.e. the default is to have a pure client using the pool.

As soon as you start writing detailed ntp.conf options I want you to
have the ability to shoot yourself in the foot, if that is your wish.

Terje
--
- <Terje.Mathisen at tmsw.no>
"almost all programming can be viewed as an exercise in caching"