[Pool] New participant, big question

Mouse mouse at Rodents-Montreal.ORG
Sun Feb 9 15:07:13 UTC 2014


> To test my server, I went to another computer outside of the network
> and did a 'host time.cajuntechie.org' in ntpdc.  I then issued a few
> commands like monlist, peers, etc and I got a timeout every single
> time.  Does this mean my server is safe from the amplification attack
> or do I need to do more?

By my understanding, you should be OK.  Current amplification attacks
as I understand them depend on monlist queries, which amplify by a
factor of from 3 or 4 to somewhere up in the 450 range, depending on
how busy the machine in question is.  But I haven't made any particular
study of such things, so I could be rather off base.

I'm one of the people who gets abuse@ at at least one ISP and I saw an
abuse report that claimed an amplification factor of 456, without any
weasel words such as "up to".  So I tried it on my own machines and I
found the amplification factor ranged from about 4 to about half what
they claimed, depending on which machine I poked and on whether I
measured traffic volume at the IP layer or the Ethernet layer - not
what they claimed but certainly high enough to call for some kind of
alleviation.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse at rodents-montreal.org
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


More information about the pool mailing list