[Pool] New participant, big question
David J Taylor
david-taylor at blueyonder.co.uk
Mon Feb 10 10:42:17 UTC 2014
From: Andreas Krüger
> Now that amplification is established, I hope everyone is updating....
> What's behind your writing that?
> I was thinking that the usual "restrict" line would be enough
> to solve the problem. And that can be done (and has been
> standard practice for most non-mice :-) ), with
> not-so-current versions of ntpd.
> I throw in rate-limiting. So my server can also not be used
> for "reflection" attacks. Where some rogue client floods
> my server with normal "ask the time" requests
> with forged sender (the victim's IP). The victim would
> see a flood of answers regarding questions it never asked.
> This kind of attack provides no amplification, but hides
> the attacker's IP, from the victim's point of view.
> This is just a personal precaution. I have not heard
> un-amplified reflection actually takes place.
> (If I were an attacker, I would not consider it worth the trouble.)
> But then, I don't follow those details too closely.
> But even with my dated version of ntpd, given what
> I learned in the recent discussion here on the list,
> I consider myself safe unless 600+ such attacks
> attempt to use my server against 600+ different
> Am I missing anything, in your opinion?
What was behind my message was simply that discussions about how much
amplification may be produced, while interesting, don't contribute a lot to
solving the problem compared to the (I hope simple) step of upgrading NTP.
If changing restrict lines or adding rate limiting is easier, go for it.
Your own precautions may well help against attacks of an as yet unknown
SatSignal Software - Quality software written to your requirements
Email: david-taylor at blueyonder.co.uk
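As an added illustration (not part of either post above), the ntp.conf fragment below contrasts a permissive default with the "restrict" plus rate-limiting setup the thread discusses. The addresses are constructed placeholders; everything else uses standard ntpd directives.

```conf
# Added example, not from either post. Placeholder addresses are constructed.
# --- Permissive default (the kind of configuration that lets a server be
#     used as an amplifier): every address may query, modify and issue
#     control commands such as ntpdc's monlist.
# restrict default

# --- Hardened default for a public server:
#   noquery  : refuse ntpq/ntpdc control queries (monlist is the big amplifier)
#   nomodify : refuse runtime configuration changes
#   notrap   : refuse trap-service (remote event logging) requests
#   nopeer   : refuse to form an association with an unconfigured peer
#   kod      : send a Kiss-o'-Death packet to clients that exceed the limit
#   limited  : drop packets from sources that exceed the rate set by "discard"
#              (kod only acts together with limited; this pair is the
#              rate limiting that also bounds un-amplified reflection)
restrict default kod nomodify notrap nopeer noquery limited
restrict -6 default kod nomodify notrap nopeer noquery limited

# Thresholds used by the "limited" flag, in log2 seconds: at least 2 s
# between packets from one address, and an average spacing of 8 s.
discard minimum 1 average 3

# Loopback keeps full access so local ntpq diagnostics still work.
restrict 127.0.0.1
restrict ::1

# Upstream servers this host syncs from (constructed example address).
# A specific restrict line without "limited" exempts them from the
# rate limit while still denying queries and modification.
server 192.0.2.10 iburst
restrict 192.0.2.10 nomodify notrap nopeer noquery

# Belt and braces on older ntpd builds: turn off the monitor list entirely,
# so monlist has nothing to return even if a restrict line is mistyped.
disable monitor
```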