[ntp:questions] better rate limiting against amplification attacks?

A C agcarver+ntp at acarver.net
Thu Jan 9 00:19:57 UTC 2014


http://arstechnica.com/security/2014/01/dos-attacks-that-took-down-big-game-sites-abused-webs-time-synch-protocol/

Here's a live amplification attack at work.


On 12/29/2013 01:55, Terje Mathisen wrote:
> Steve Kostecke wrote:
>> On 2013-12-28, Terje Mathisen <terje.mathisen at tmsw.no> wrote:
>>
>>> Harlan Stenn wrote:
>>>
>>>> The other ones I'd really like help with. I definitely want to see
>>>> the network-related bugs fixed and 2367. I'd like to see some study
>>>> done on 2016. I'm game to let the other ones slide.
>>>
>>> I've just gone through 2367 and I have to join Brian's side:
>>>
>>> I.e. if somebody adds NOSERVE to a client it would be perfectly fine
>>> to let that override PEER or anything else: NOSERVE should only
>>> be used on a pure end-node client, with no sideways or downstream
>>> communication.
>>
>> This is a case of not being able to see the forest for the trees.
>>
> Please explain!
> 
> As I wrote in another post I believe the time is ripe for a sensible
> default builtin configuration, which can then be overridden with ntp.conf.
> 
> Your suggestion in your previous message is very similar to what I
> wanted, i.e. the default is to have a pure client using the pool.
> 
> As soon as you start writing detailed ntp.conf options I want you to
> have the ability to shoot yourself in the foot, if that is your wish.
> 
> Terje
> 
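As an added illustration that is not part of the thread or of the ntp project's own documentation, here is a server-side ntp.conf restrict layout that denies the mode 7 queries amplified in the linked article while still answering ordinary time requests; the driftfile path and the pool hostnames are assumptions.

```conf
# Added example: a server-side ntp.conf that blocks the traffic amplified
# in the linked article while still serving time to ordinary clients.
# The driftfile path and pool hostnames are assumptions, not from the thread.

driftfile /var/lib/ntp/ntp.drift

# Rate limiting, shown at the ntpd default values: 'limited' (below)
# drops packets from a source that exceeds these thresholds and 'kod'
# answers with a Kiss-o'-Death so a well-behaved client backs off.
# 'average' is log2 of the minimum average spacing in seconds (3 = 8 s),
# 'minimum' is the shortest allowed spacing between two packets in seconds.
discard average 3 minimum 2

# Default for every source: serve time (a mode 3 request gets a reply of
# the same size, so there is nothing to amplify) but deny mode 6/7 queries
# ('noquery'), runtime changes ('nomodify'), traps ('notrap') and
# unsolicited symmetric associations ('nopeer').
restrict default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery

# Unrestricted loopback so ntpq still works for the local administrator.
restrict 127.0.0.1
restrict -6 ::1

# Upstream sources. 'noserve' is deliberately left off the default line:
# it also discards the mode 4 replies these servers send back, so it only
# fits the pure end node Terje describes, and even there each configured
# server needs its own restrict line that omits the flag.
pool 0.pool.ntp.org iburst
pool 1.pool.ntp.org iburst
pool 2.pool.ntp.org iburst

# The monitor (MRU) list is what a mode 7 monlist request dumps; with it
# disabled there is nothing to amplify even if a query slips through.
disable monitor
```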


