[ntp:questions] better rate limiting against amplification attacks?

William Unruh unruh at invalid.ca
Wed Jan 15 22:49:02 UTC 2014

On 2014-01-15, Harlan Stenn <stenn at ntp.org> wrote:
> William Unruh writes:
>> Why does nptd not disable external monitoring or command by default.
>> That way if someone wants to allow it, they have to actively do so,
>> presumably knowing what they are doing.
> Because there is clear value in the monitoring information being made
> generally available.

Especially to generators of DOS attacks. 
Why should the world know, by default, all of the details of your
particular ntpd installation?

> We provide a sufficiently robust mechanism to handle the various
> options.

> It's not our place to dictate the local policy choice of how the
> mechanism is configured.

It IS your place to set up reasonable defaults. Now, what is reasonable
can of course be argued about, but given the DOS attacks, the current
default are starting to look unreasonable. 

> On the one hand we can change the default from "open" to "closed", and
> then create a whole bunch of work for a lot of people to address that
> policy change.  Some work should likely happen regardless - the issue
> goes to "who and how many will have to do the work" for each choice.

Sorry, what fraction of the users of ntpd care if it is open or closed?
I suspect that is small. In that case closed seems a more reasonable
option than open. 

> http://en.wikipedia.org/wiki/The_Chicken_and_the_Pig

More information about the questions mailing list