[Pool] New participant, big question

Andreas Krüger timekeeper at famsik.de
Mon Feb 10 08:58:36 UTC 2014


Hello, David,

> Now that amplification is established, I hope everyone is updating....

What's behind your writing that?

I was thinking that the usual "restrict" line would be enough
to solve the problem. And that can be done (and has been
standard practice for most non-mice :-) ) with
not-so-current versions of ntpd.

I throw in rate-limiting, so my server also cannot be used
for "reflection" attacks, where some rogue client floods
my server with normal "ask the time" requests
with a forged sender (the victim's IP). The victim would
see a flood of answers to questions it never asked.
This kind of attack provides no amplification, but hides
the attacker's IP, from the victim's point of view.

This is just a personal precaution.  I have not heard
that un-amplified reflection actually takes place.
(If I were an attacker, I would not consider it worth the trouble.)
But then, I don't follow those details too closely.

But even with my dated version of ntpd, given what
I learned in the recent discussion here on the list,
I consider myself safe unless 600+ such attacks
attempt to use my server against 600+ different
victims simultaneously.

Am I missing anything, in your opinion?

Regards, Andreas
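As an added example (not the poster's own configuration, and not a file from the NTP project), here is an ntp.conf fragment that puts a permissive default "restrict" line next to the restrictive one the post refers to, with ntpd's per-source rate limiting added on top. The upstream server names are placeholders assumed for illustration, and the "discard" values are chosen for the example rather than taken from any version's defaults.

```conf
# --- Weak default (shown commented out, do not use):
#     answers time requests AND mode 6/7 control queries from anyone,
#     with no rate limiting. A forged-source flood of mode 7 "monlist"
#     queries (the amplification vector of early 2014) is amplified and
#     reflected at the victim.
# restrict default nomodify notrap

# --- Hardened default: serve time only.
#     noquery  refuses ntpq/ntpdc control and status queries (no monlist)
#     nopeer   refuses unsolicited symmetric peering
#     limited  drops packets from a source that exceeds the "discard" limits
#     kod      answers such a source with a Kiss-o'-Death packet instead
#              of silently dropping it
#     Because the limit is per source address, a flood carrying a forged
#     victim address is throttled at the victim's address, which caps
#     un-amplified reflection as well.
restrict default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery

# Rate-limit thresholds used by "limited"/"kod", in log2 seconds:
#   minimum 2 -> at least 4 s between packets from one source
#   average 3 -> at least 8 s average spacing from one source
# (example values, not version defaults)
discard minimum 2 average 3

# Full access from the local host so the operator can still run ntpq/ntpdc
restrict 127.0.0.1
restrict -6 ::1

# Belt and braces on older ntpd: turn off the monitor list behind "monlist"
disable monitor

# Upstream sources (placeholder names)
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
```

The point of the pairing is that "noquery" alone closes the amplifying query but still lets anyone make the server emit one time reply per forged request; "limited" (with "discard") is what bounds that reflection traffic per spoofed source.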

