[ntp:questions] London Metro newspaper misrepresent NTP amplification attack.
tobster at brain-force.ch
Fri Mar 7 21:06:43 UTC 2014
I use the following iptables rule to drop those monlist pakets on my gatways
-A INPUT -p udp -dport 123 -m u32 --u32 0x0>>0x16&0x3c at 0x8&0xff=0x2a -j DROP
should drop all NTP pakets with request code 42
Am 13.02.2014 09:52, schrieb Terje Mathisen:
> David Woolley wrote:
>> On 12/02/14 21:43, Terje Mathisen wrote:
>>> David Woolley wrote:
>>>> In this article, which also appeared in the paper version this
>>>> morning, they suggest that normal NTP time requests result in a much
>>>> larger response than the request.
>>> There was no comment section for that article and no documented way to
>>> reach the author so I gave up on sending in a correction. :-(
>> I thought I found a comment box, but you needed to be signed up with a
>> social networking service to use it.
>> In any case, the problem in getting anything actually printed is that
>> you have to write it in a way that is interesting to the non-technical.
> I already wrote such a comment for the Slashdot article about the same
More information about the questions