[Pool] DDoS Type Attack
mouse at Rodents-Montreal.ORG
Fri Feb 14 13:35:47 UTC 2014
>> it seems any remote client who needs to talk to our NTP servers on
>> UDP 123, must also originate the request from UDP 123.
>> Could someone confirm if this is correct? Or are we blocking
>> legitimate requests as well?
> You are blocking legitimate requests as well. One example: traffic
> coming from behind NAT firewalls. NAT changes the source port to some
> other port.
Opinions differ on how `legitimate' such traffic is. My own stance is
that anyone doing NAT has earned any resulting brokenness by
deliberately corrupting packets in transit.
However, I don't think any spec calls for the use of port 123 on both
ends of NTP traffic, so even if you agree with my stance I see no
reason to think all non-123/123 traffic is due to NAT. That is, at
best you're using a heuristic that mostly works - no worse than any
other heuristic, but no better, either, really.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
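The source-port heuristic debated above, worked through on constructed traffic. This is an added example, not code from the mailing-list post or from the NTP Pool project: it models the filter the original poster describes (accept UDP/123 only when the source port is also 123) next to a filter keyed on destination port alone, and passes constructed UDP flows through both, including a client whose source port a NAT device has rewritten. The addresses, ports and flow labels are all made up for the example; the peer, NAT and ephemeral-port cases are assumptions chosen to illustrate the point, not observations from the list.

```python
# Added example (not from the mailing-list post): a minimal model of the
# NTP source-port filter discussed above, run over constructed UDP flows.
from dataclasses import dataclass

NTP_PORT = 123


@dataclass(frozen=True)
class UdpFlow:
    src: str      # source address (constructed documentation-range values)
    sport: int    # UDP source port
    dst: str      # destination address
    dport: int    # UDP destination port
    note: str     # human-readable label for the constructed case


def rule_require_sport_123(flow: UdpFlow) -> bool:
    """The filter the original poster describes: admit NTP traffic only
    when the client's source port is also 123."""
    return flow.dport == NTP_PORT and flow.sport == NTP_PORT


def rule_dport_only(flow: UdpFlow) -> bool:
    """Filter keyed on destination port alone: any client request to
    UDP/123 is admitted, whatever source port it left with."""
    return flow.dport == NTP_PORT


def nat_rewrite(flow: UdpFlow, public_ip: str, ephemeral_port: int) -> UdpFlow:
    """Model what a NAT device does in transit: the private source address
    and port are replaced by the public address and a port the NAT chose.
    The destination is untouched."""
    return UdpFlow(public_ip, ephemeral_port, flow.dst, flow.dport,
                   flow.note + " (after NAT)")


# Constructed sample traffic (assumed cases, not captured data).
SERVER = "203.0.113.5"
PEER_TO_PEER = UdpFlow("198.51.100.10", 123, SERVER, 123, "ntpd peer, 123 on both ends")
PRIVATE_CLIENT = UdpFlow("10.0.0.7", 123, SERVER, 123, "ntpd client on a private LAN")
NATTED_CLIENT = nat_rewrite(PRIVATE_CLIENT, "192.0.2.1", 40123)
EPHEMERAL_CLIENT = UdpFlow("198.51.100.20", 51515, SERVER, 123,
                           "SNTP-style client using an ephemeral source port")
UNRELATED = UdpFlow("198.51.100.30", 33434, SERVER, 53, "DNS query, not NTP at all")

SAMPLE_FLOWS = [PEER_TO_PEER, PRIVATE_CLIENT, NATTED_CLIENT, EPHEMERAL_CLIENT, UNRELATED]


def blocked_by(rule, flows) -> list[str]:
    """Return the labels of the NTP flows (dport 123) that `rule` rejects.
    Non-NTP flows are ignored so the list shows only false positives."""
    return [f.note for f in flows if f.dport == NTP_PORT and not rule(f)]


def compare_rules(flows=SAMPLE_FLOWS) -> dict[str, list[str]]:
    """Side-by-side view of what each rule wrongly drops."""
    return {
        "require_sport_123": blocked_by(rule_require_sport_123, flows),
        "dport_only": blocked_by(rule_dport_only, flows),
    }


if __name__ == "__main__":
    for name, dropped in compare_rules().items():
        print(f"{name}: blocks {dropped or 'nothing'}")
```

Running it shows the strict rule dropping both the NAT-rewritten client and the ephemeral-port client while admitting only the 123-to-123 peer, and the destination-port rule dropping none of the NTP flows. That is the heuristic's failure mode in miniature: the source port tells you nothing about whether the sender is behind NAT, so a rule built on it trades away real clients without gaining a reliable signal.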