[Pool] New participant, big question

David J Taylor david-taylor at blueyonder.co.uk
Mon Feb 10 10:42:17 UTC 2014

From: Andreas Krüger

Hello, David,

> Now that amplification is established, I hope everyone is updating....

What's behind your writing that?

I was thinking that the usual "restrict" line would be enough
to solve the problem. And that can be done (and has been
standard practice for most non-mice :-) ), with
not-so-current versions of ntpd.

I also throw in rate-limiting, so my server cannot be used
for "reflection" attacks either, where some rogue client floods
my server with normal "ask the time" requests
with a forged sender (the victim's IP). The victim would
see a flood of answers to questions it never asked.
This kind of attack provides no amplification, but hides
the attacker's IP from the victim's point of view.

This is just a personal precaution.  I have not heard
that un-amplified reflection actually takes place.
(If I were an attacker, I would not consider it worth the trouble.)
But then, I don't follow those details too closely.

But even with my dated version of ntpd, given what
I learned in the recent discussion here on the list,
I consider myself safe unless 600+ such attacks
attempt to use my server against 600+ different
victims simultaneously.

Am I missing anything, in your opinion?

Regards, Andreas

What was behind my message was simply that discussions about how much 
amplification may be produced, while interesting, don't contribute a lot to 
solving the problem compared to the (I hope simple) step of upgrading NTP. 
If changing restrict lines or adding rate limiting is easier, go for it.

Your own precautions may well help against attacks of an as yet unknown 

SatSignal Software - Quality software written to your requirements
Web: http://www.satsignal.eu
Email: david-taylor at blueyonder.co.uk 
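For readers who want to see what the "usual restrict line" plus rate-limiting mentioned in the exchange above looks like, here is an ntp.conf fragment. This is an added example, not configuration posted by either participant, and it assumes a reference-implementation ntpd (4.2.6 or later, where the `limited`, `kod` and `discard` options exist). The permissive default is shown commented out beside the hardened one; `noquery` refuses the mode 6/7 control and monitor queries (including the mode 7 monlist request that was the amplification vector under discussion in early 2014), `limited` drops time requests from any single source address that exceeds the `discard` thresholds, and `kod` answers such excess with a rate-limited kiss-o'-death packet instead of silence.

```conf
# Added example ntp.conf fragment (not from the original message).
#
# Weak default: anyone may send time requests, control queries and
# monitor queries, with no per-source rate limit.
#
#   restrict default
#
# Hardened default: answer time requests only, rate-limit each source,
# refuse configuration changes, traps, peering and all mode 6/7 queries.
restrict default    kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery

# Leave the local host unrestricted so ntpq/ntpdc still work locally.
restrict 127.0.0.1
restrict ::1

# Rate-limit thresholds used by "limited": a source must leave at least
# 2 seconds between packets and average no more than one per 2^3 = 8 s.
discard minimum 2 average 3

# Belt and braces: stop collecting the per-client monitor statistics that
# the mode 7 monlist query reports, independently of "noquery".
disable monitor
```

Two caveats when using this against spoofed-source reflection of the kind Andreas describes: the rate limit keys on the source address, which in a reflection attack is the victim's address, so it caps what the victim receives rather than what the attacker sends; and with `kod` set, ntpd still returns one KoD packet per second to that address, so drop `kod` and keep only `limited` if you want the victim to see nothing at all. After editing, restart ntpd and confirm from another host that `ntpq -c rv <server>` and `ntpdc -n -c monlist <server>` time out while plain time requests are still answered.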
