Rob Janssen rob at knoware.nl
Tue Feb 11 16:58:03 UTC 2014

Rich Smith wrote:
> Huge hack 'is ugly sign of future'
> http://www.bbc.co.uk/news/technology-26136774
> Heh... Hackers using NTP
> Explains the "lots of traffic" posts on this list in recent days
> Rich

Yet again the focus is on NTP as the mechanism used in the attack.
However, this is unwarranted.  The problem is not NTP, the problem is the lack of
source address filtering.   Systems on the internet should only be allowed to send
traffic with their own address as source address.  Any other traffic should be dropped
by the first router they talk to.
This is easily arranged, only it is work to do without any direct payback for the ISP.
Therefore the ISPs are reluctant to take it on.

I propose that the existence of an ISP without source address filtering is handled by
a reputation system similar to what was brought in place to bring down open SMTP relays,
another thing that was once a common practice and that needed to be shut down
because they were being abused by miscreants.

Just disconnect every provider that refuses to set up source address filtering until
they give in.  No source address filtering?  No traffic from you. Period.

This will end this and many similar DDOS issues.  Allowing spoofed traffic is just not
acceptable anymore on the internet.
Just fixing NTP doesn't cut it, as many other protocols, even TCP, provide reflection.
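As an added illustration of the source address filtering the post calls for (this is example code written for this page, not anything from the poster or from any router vendor), the script below models what the "first router" would do: each customer-facing interface is known to carry only certain assigned prefixes, and any packet whose source address is outside those prefixes is dropped before it can reach an NTP, DNS or TCP reflector. The interface names, prefixes (RFC 5737 / RFC 3849 documentation ranges) and packets are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example: the prefixes each customer-facing interface is
# allowed to originate traffic from (the "first router they talk to").
# Documentation address ranges only; an ISP would fill this from its
# own address assignments.
ASSIGNED_PREFIXES = {
    "cust-a": [ipaddress.ip_network("203.0.113.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25"),
               ipaddress.ip_network("2001:db8:1::/48")],
}


@dataclass
class Packet:
    ingress_if: str   # interface the packet arrived on
    src: str          # claimed source address
    dst: str          # destination address
    proto: str        # e.g. "udp/123" for NTP


def permitted_source(ingress_if: str, src: str) -> bool:
    """Ingress (source address) check in the spirit of BCP38:
    the source must fall inside a prefix assigned to the ingress interface.
    Unparseable addresses and unknown interfaces are not permitted."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in prefix for prefix in ASSIGNED_PREFIXES.get(ingress_if, []))


def filter_packets(packets):
    """Split packets into (accepted, dropped) according to permitted_source."""
    accepted, dropped = [], []
    for pkt in packets:
        (accepted if permitted_source(pkt.ingress_if, pkt.src) else dropped).append(pkt)
    return accepted, dropped


# Constructed sample traffic seen on the customer edge.
SAMPLE_PACKETS = [
    # legitimate NTP query from cust-a's own range
    Packet("cust-a", "203.0.113.7", "192.0.2.50", "udp/123"),
    # spoofed: source is some third party, not an address cust-a owns
    Packet("cust-a", "192.0.2.50", "198.51.100.10", "udp/123"),
    # outside cust-b's /25 (which ends at .127), so it is spoofed or misconfigured
    Packet("cust-b", "198.51.100.200", "192.0.2.50", "tcp/80"),
    # legitimate IPv6 DNS query from cust-b's assigned /48
    Packet("cust-b", "2001:db8:1::42", "2001:db8:ffff::1", "udp/53"),
    # interface with no assigned prefixes: nothing may originate here
    Packet("unknown-if", "203.0.113.9", "192.0.2.50", "udp/123"),
]


if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE_PACKETS)
    for pkt in ok:
        print(f"ACCEPT {pkt.ingress_if} {pkt.src} -> {pkt.dst} {pkt.proto}")
    for pkt in bad:
        print(f"DROP   {pkt.ingress_if} {pkt.src} -> {pkt.dst} {pkt.proto}")
```

The point of the check is that it is keyed on the interface, not on the protocol: the spoofed NTP packet and the out-of-range TCP packet are dropped by the same rule, which is why filtering at the edge addresses reflection generally rather than one protocol at a time. On real equipment the same policy is expressed as an ingress access list per customer port or as strict unicast reverse-path forwarding on that port.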


