[ntp:questions] NTP Denial of Service attack 29 November 2011

Rich schmidt.rich at gmail.com
Wed Nov 30 14:49:16 UTC 2011


On Nov 30, 8:42 am, mi... at flatsurface.com (Mike S) wrote:
> At 07:40 AM 11/30/2011, Danny Mayer wrote...
>
> >On 11/30/2011 4:35 AM, Rob wrote:
> > > Yes, sure.   But blocking an entire region because of 4 abusers?
>
> >Yes. In this case they are not following the rules of engagement.
> >Sending packets from another Continent doesn't make a lot of sense in
> >any case.
>
> "They?" Who do you think "they" are? There are 4 abusive hosts, and the
> suggested blocks potentially cover over 128 million hosts. Are you
> suggesting that you know as fact, that because 4 hosts aren't following
> the rules, none of the other 128 million are, either?
>
> You're probably right that hosts in AsiaPAC don't need NTP service from
> USNO. But, the recommendation was made to the audience at large, which
> can't be assumed to only represent a single region.

At 11 pm EST 29 Nov 2011 the Navy Cyber Defense Operations Command
ordered USNO to take NTP servers in Washington, DC offline, and USNO
complied.   USNO serves more than 3 million clients.  This is the
first time in 17 years that we have ceased NTP operations.

Rich Schmidt
Time Service Department
US Naval Observatory



More information about the questions mailing list