[ntp:questions] London Metro newspaper misrepresent NTP amplification attack.
unruh at invalid.ca
Thu Feb 13 06:56:15 UTC 2014
On 2014-02-12, David Woolley <david at ex.djwhome.demon.invalid> wrote:
> In this article, which also appeared in the paper version this morning,
> they suggest that normal NTP time requests result in a much larger
> response than the request.
Normal time packets are AFAIK the same size going out or coming back.
Administration packets can be highly assymmetric (factors of 450 have
been claimed). I was spanked by the sysadmins at my Uni because I had
one ntpd server, and it was used in the DoS attack. Almost all of my
machines use chrony, and it was a lone holdout for testing. Since the
GPS 18 attached to it has died (both mine only lasted about 3 years) I
just took the ntpd off the air, and felt rather foolish, since I had
been the one that suggested that chrony be fixed ( and it has been by
make sure it does not amplify. And a week later I am the guilty party
At least with chrony the default was always not to reply to external
commands. ntpd had the default to reply which was a bit silly.
More information about the questions