[ntp:questions] NTP Denial of Service attack 29 November 2011

Danny Mayer mayer at ntp.org
Wed Nov 30 12:40:34 UTC 2011


On 11/30/2011 4:35 AM, Rob wrote:
> Danny Mayer <mayer at ntp.org> wrote:
>> On 11/29/2011 4:57 PM, Rich wrote:
>>>
>>>> Isn't that a bit wide a range to block for only 4 IPs?
>>>> What makes you think any further attacks will come from the same range?
>>>>
>>> Only my 17 years experience at the stratum 1 level.  I see little
>>> value in providing NTP to Asian Pacific networks from Washington, DC.
>>
>>
>> I agree. Not following the rules of engagement for stratum 1/2 servers
>> can mean you block all NTP traffic from those nodes or issuing
>> occasional KOD packets to those nodes.
> 
> Yes, sure.   But blocking an entire region because of 4 abusers?

Yes. In this case they are not following the rules of engagement.
Sending packets from another Continent doesn't make a lot of sense in
any case.

Danny



More information about the questions mailing list