[ntp:questions] Very rapid polling

David Mills mills at udel.edu
Sun Feb 15 15:38:55 UTC 2009


Danny,

For clarification, the late code returns the KoD with client timestamps 
unchanged. No server timestamps are revealed.

Dave

Danny Mayer wrote:

>Eric wrote:
>
>>On Tue, 10 Feb 2009 23:38:07 -0500, "Richard B. Gilbert"
>><rgilbert88 at comcast.net> wrote for the entire planet to see:
>>
>>
>>>Danny Mayer wrote:
>>>
>>>>Eric wrote:
>>>>
>>>>>The only mitigation I can think of here is for NTP to not respond to
>>>>>excessive rate queries at all, or very infrequently, after the KOD.
>>>>>
>>>>>- Eric
>>>>>
>>>>That's what the latest code does.
>>>>
>>>>Danny
>>>>
>>>If ntpd responds to such DOS attacks with the WRONG YEAR or random 
>>>date-times, it might discourage the perpetrators.
>>>
>>Not really.  If it's really a DDoS attempt the source address won't belong
>>to an NTP server and the packet will be discarded, sooner or later.  Its
>>value is just to clog the pipes.  And anyway, there seems to be a general
>>consensus that sending the wrong time is wrong.  Just don't send it, or
>>simply mark it invalid or KOD or all zeros, or all three.  No need to
>>attempt to confound the "requester".
>
>There is no way to mark an NTP packet as invalid, but then why would you
>even bother to send an invalid packet in the first place? You can send a
>KOD packet but 99% of the clients out there won't know what it is and
>assume that the ntp timestamps are valid. Also all zeros means the wrong
>time.
>
>Danny
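As an added illustration of the KoD exchange discussed in this thread (my own example, not code from the thread or from ntpd): the reply is stratum 0 with the kiss code in the reference ID, and the client's own transmit timestamp is echoed back in place of the server timestamps (my reading of "client timestamps unchanged"; an assumption), so no server clock reading leaves the host. The client-side check shows how a client recognises a KoD instead of reading those fields as a valid time, which is the failure Danny describes. Packet layout follows RFC 5905; the request timestamp is a constructed value.

```python
import struct

# 48-byte NTP header (RFC 5905): LI/VN/Mode, stratum, poll, precision,
# root delay, root dispersion, reference ID, then four 64-bit timestamps.
NTP_HEADER = "!BBbbII4sQQQQ"
KISS_RATE = b"RATE"  # kiss code meaning "rate exceeded"

def parse(pkt):
    """Unpack an NTP header into a dict of named fields."""
    (flags, stratum, poll, precision, rdelay, rdisp, refid,
     ref, org, rec, xmt) = struct.unpack(NTP_HEADER, pkt[:48])
    return {"li": flags >> 6, "vn": (flags >> 3) & 7, "mode": flags & 7,
            "stratum": stratum, "poll": poll, "precision": precision,
            "rootdelay": rdelay, "rootdisp": rdisp, "refid": refid,
            "ref": ref, "org": org, "rec": rec, "xmt": xmt}

def build_request(xmt):
    """Constructed NTPv4 client request (mode 3) carrying transmit time xmt."""
    flags = (0 << 6) | (4 << 3) | 3   # LI=0, version 4, mode 3 (client)
    return struct.pack(NTP_HEADER, flags, 0, 6, -20, 0, 0, b"\0\0\0\0",
                       0, 0, 0, xmt)

def build_kod(request, kiss=KISS_RATE):
    """Build a KoD reply: stratum 0 marks it as kiss-o'-death, the refid
    carries the kiss code, and the client's transmit timestamp is echoed
    into org, rec and xmt (assumption: this is what "client timestamps
    unchanged" means). The reference timestamp stays zero."""
    req = parse(request)
    flags = (3 << 6) | (req["vn"] << 3) | 4   # LI=3 unsynchronized, mode 4 (server)
    return struct.pack(NTP_HEADER, flags, 0, req["poll"], 0, 0, 0, kiss,
                       0, req["xmt"], req["xmt"], req["xmt"])

def classify_reply(reply):
    """Client-side check: a stratum-0 reply is a KoD and must never be
    used as a time sample; its refid is a kiss code, not a reference ID."""
    r = parse(reply)
    if r["stratum"] == 0:
        return ("kod", r["refid"].decode("ascii", "replace"))
    return ("time", None)
```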