[ntp:questions] better rate limiting against amplification attacks?

A C agcarver+ntp at acarver.net
Thu Jan 9 00:19:57 UTC 2014


Here's a live amplification attack at work.

On 12/29/2013 01:55, Terje Mathisen wrote:
> Steve Kostecke wrote:
>> On 2013-12-28, Terje Mathisen <terje.mathisen at tmsw.no> wrote:
>>> Harlan Stenn wrote:
>>>> The other ones I'd really like help with. I definitely want to see
>>>> the network-related bugs fixed and 2367. I'd like to see some study
>>>> done on 2016. I'm game to let the other ones slide.
>>> I've just gone through 2367 and I have to join Brian's side:
>>> I.e. if somebody adds NOSERVE to a client it would be perfectly fine
>>> to let that override PEER or anything else: NOSERVE should only
>>> be used on a pure end-node client, with no sideways or downstream
>>> communication.
>> This is a case of not being able to see the forest for the trees.
> Please explain!
> As I wrote in another post I believe the time is ripe for a sensible
> default builtin configuration, which can then be overridden with ntp.conf.
> Your suggestion in your previous message is very similar to what I
> wanted, i.e. the default is to have a pure client using the pool.
> As soon as you start writing detailed ntp.conf options I want you to
> have the ability to shoot yourself in the foot, if that is your wish.
> Terje
