[ntp:questions] London Metro newspaper misrepresent NTP amplification attack.

tobi tobster at brain-force.ch
Fri Mar 7 21:06:43 UTC 2014


I use the following iptables rule to drop those monlist packets on my gateways
<<
# u32: skip the IP header, then compare byte 3 of the UDP payload (NTP request code) with 0x2a (42)
-A INPUT -p udp --dport 123 -m u32 --u32 "0x0>>0x16&0x3c@0x8&0xff=0x2a" -j DROP
>>
should drop all NTP packets with request code 42
On 13.02.2014 09:52, Terje Mathisen wrote:
> David Woolley wrote:
>> On 12/02/14 21:43, Terje Mathisen wrote:
>>> David Woolley wrote:
>>>> In this article, which also appeared in the paper version this
>>>> morning, they suggest that normal NTP time requests result in a much
>>>> larger response than the request.
>>>>
>>>> http://metro.co.uk/2014/02/11/the-start-of-ugly-things-to-come-hackers-flood-european-servers-in-biggest-computer-attack-of-its-kind-4300395/ 
>>>>
>>> There was no comment section for that article and no documented way to
>>> reach the author so I gave up on sending in a correction. :-(
>>>
>>
>> I thought I found a comment box, but you needed to be signed up with a
>> social networking service to use it.
>>
>> In any case, the problem in getting anything actually printed is that
>> you have to write it in a way that is interesting to the non-technical.
>>
> I already wrote such a comment for the Slashdot article about the same 
> issue:
>
> http://slashdot.org/comments.pl?sid=4776427&cid=46215895
>
> Terje
>
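
Added example, not part of the original message: a minimal Python evaluator for the u32 expression in the rule above, run over constructed IPv4/UDP packets to show which NTP payloads the filter matches. The helper names, addresses and sample payloads are assumptions made up for the illustration, and only a single-value `=` test is handled.

```python
import re
import struct

RULE = "0x0>>0x16&0x3c@0x8&0xff=0x2a"  # u32 expression from the iptables rule above

def u32_match(expr, pkt):
    """Evaluate one u32 test (single '=' value) against a raw IPv4 packet."""
    lhs, want = expr.split("=")
    base, value = 0, 0
    for stage in lhs.split("@"):
        base += value                     # '@' moves the base by the previous result
        toks = re.findall(r"(>>|<<|&)?(0x[0-9a-fA-F]+|\d+)", stage)
        offset = int(toks[0][1], 0)
        if base + offset + 4 > len(pkt):  # a read past the packet end never matches
            return False
        (value,) = struct.unpack_from("!I", pkt, base + offset)
        for op, num in toks[1:]:
            n = int(num, 0)
            if op == ">>":
                value >>= n
            elif op == "<<":
                value = (value << n) & 0xFFFFFFFF
            else:
                value &= n
    return value == int(want, 0)

def ipv4_udp(payload, options=b""):
    """Constructed IPv4+UDP packet to port 123 (checksums left at zero)."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                     ihl * 4 + 8 + len(payload), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + options
    udp = struct.pack("!HHHH", 40000, 123, 8 + len(payload), 0)
    return ip + udp + payload

# Constructed payloads: only the first four bytes matter to the rule.
MODE7_REQ42 = bytes([0x17, 0x00, 0x03, 0x2A]) + bytes(4)   # mode 7, request code 42
MODE7_OTHER = bytes([0x17, 0x00, 0x03, 0x00]) + bytes(4)   # mode 7, request code 0
CLIENT_REQ = bytes([0x23, 0, 0, 0]) + bytes(44)            # ordinary mode 3 time request
# The rule tests the byte position only, not the mode: a mode 3 packet whose
# precision byte happened to be 0x2a would also be dropped.
CLIENT_PREC_2A = bytes([0x23, 0, 0, 0x2A]) + bytes(44)

if __name__ == "__main__":
    for name in ("MODE7_REQ42", "MODE7_OTHER", "CLIENT_REQ", "CLIENT_PREC_2A"):
        print(name, u32_match(RULE, ipv4_udp(globals()[name])))
```

The `0x0>>0x16&0x3c` stage yields the IP header length in bytes, so the match still lands on the same NTP byte when IP options are present.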


