[Pool] DDoS Type Attack

Matt Wagner mwaggy at gmail.com
Sat Feb 15 22:04:50 UTC 2014


On Sat, Feb 15, 2014 at 9:20 AM, Andreas Krüger <timekeeper at famsik.de> wrote:

> Hello, Hassan,
>
> if your server is intended to be a _public_ server, that is, reachable
> from outside your own private network, you should not restrict requests
> to source port 123.
>
> I disagree with Mouse's position that one need not bother to serve clients
> behind NAT. (From where I come from, I consider that a minority and rather
> extreme position.)
>
> If another argument is still needed, blocking requests with source port
> different from 123 essentially says: The common "ntpdate" utility generates
> illegitimate traffic when operated with "-d".
>

Thanks to a friend for digging up the relevant portion of the RFC:

http://tools.ietf.org/html/rfc958#appendix-A

The source port only needs to be 123 in symmetric mode. Blocking requests
with a source port of 123 isn't choosing to accommodate NAT; it has little
to do with NAT. It's ignoring the RFC and dropping requests from legitimate
clients that don't set up a symmetric association.
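As an added illustration (not code from the thread or from the pool project), here is a small Python model of the two filtering policies under discussion: it reads the mode field from a constructed NTP header and shows that a "source port must be 123" rule drops an ordinary client-mode request such as the one ntpdate -d sends from an unprivileged port, while a policy that requires port 123 only for symmetric modes keeps it. The packet bytes and port numbers are constructed samples, and the helper names are my own.

```python
import struct

NTP_PORT = 123
SYMMETRIC_MODES = {1, 2}   # symmetric active / symmetric passive
CLIENT_MODE = 3            # ordinary client request (ntpdate, sntp, ntpd client)


def build_ntp_header(version, mode, li=0):
    """Constructed sample: minimal 48-byte NTP header, only the LI/VN/mode byte set."""
    first = (li << 6) | (version << 3) | mode
    return struct.pack("!B", first) + b"\x00" * 47


def parse_ntp_mode(payload):
    """Return (version, mode) from the first header byte; reject truncated packets."""
    if len(payload) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    first = payload[0]
    return (first >> 3) & 0x7, first & 0x7


def source_port_123_only(src_port, dst_port, payload):
    """The contested rule: accept an NTP request only if it comes *from* port 123."""
    return dst_port == NTP_PORT and src_port == NTP_PORT


def rfc_aware_policy(src_port, dst_port, payload):
    """Require source port 123 only for symmetric modes; any port is fine for clients."""
    if dst_port != NTP_PORT:
        return False
    _, mode = parse_ntp_mode(payload)
    if mode in SYMMETRIC_MODES:
        return src_port == NTP_PORT
    return True


def compare_policies(packets):
    """Map each labelled packet to (strict_rule_accepts, rfc_aware_accepts)."""
    return {label: (source_port_123_only(s, d, p), rfc_aware_policy(s, d, p))
            for label, (s, d, p) in packets.items()}


# Constructed samples: ephemeral source port as ntpdate -d or a NAT gateway would use.
SAMPLE_PACKETS = {
    "ntpdate -d from port 40123": (40123, 123, build_ntp_header(4, CLIENT_MODE)),
    "client behind NAT, port 51234": (51234, 123, build_ntp_header(3, CLIENT_MODE)),
    "symmetric peer from port 123": (123, 123, build_ntp_header(4, 1)),
    "symmetric peer from port 40123": (40123, 123, build_ntp_header(4, 1)),
}

if __name__ == "__main__":
    for label, (strict, aware) in compare_policies(SAMPLE_PACKETS).items():
        print(f"{label:32} source-port-123 rule: {strict!s:5}  RFC-aware: {aware}")
```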

