[ntp:questions] better rate limiting against amplification attacks?
David Woolley
david at ex.djwhome.demon.invalid
Wed Jan 15 07:55:52 UTC 2014
On 27/12/13 10:24, Rob wrote:
> What is the NTP developers' position on implementation of better
> rate limiting options in ntpd?
>
> There are more and more amplification attacks against ntp servers,
> similar to those against open DNS resolvers. A small packet sent
> with a spoofed source address (allowed by a lame ISP) results in
> a large reply from ntpd, sent to the victim of the attack.

CERT have just issued an alert about the monlist attack:
<https://www.us-cert.gov/ncas/alerts/TA14-013A> (TA14-013A: NTP
Amplification Attacks Using CVE-2013-5211). The advice is to upgrade or
use restrict.
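
An added example, not part of the original post or of the NTP project's code: a small Python audit of ntp.conf text for the "use restrict" advice above. It flags `default` restrict entries that lack `noquery` (or `ignore`), the flags that make ntpd refuse the ntpq/ntpdc queries monlist belongs to. The sample configurations and host name are constructed, and only the `default` keyword form is recognised.

```python
# Added example: audit ntp.conf text for the "use restrict" advice.
# noquery and ignore both make ntpd refuse ntpq/ntpdc queries (monlist is one).
BLOCKING_FLAGS = {"noquery", "ignore"}

def parse_restrict(line):
    """Return (family, address, flags) for a restrict line, else None."""
    tokens = line.split("#", 1)[0].split()
    if len(tokens) < 2 or tokens[0].lower() != "restrict":
        return None
    rest = tokens[1:]
    family = "any"
    if rest[0] in ("-4", "-6"):          # optional address-family qualifier
        family, rest = rest[0], rest[1:]
    if not rest:
        return None
    address, rest = rest[0].lower(), rest[1:]
    if len(rest) >= 2 and rest[0].lower() == "mask":
        rest = rest[2:]                  # skip "mask <netmask>"
    return family, address, {flag.lower() for flag in rest}

def audit(conf_text):
    """List default restrict entries that still answer queries."""
    findings, defaults = [], 0
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        parsed = parse_restrict(line)
        if parsed is None or parsed[1] != "default":
            continue                     # only the "default" keyword form is audited
        defaults += 1
        family, _, flags = parsed
        if not flags & BLOCKING_FLAGS:
            findings.append(f"line {lineno}: default entry ({family}) lacks noquery")
    if defaults == 0:
        findings.append("no 'restrict default' entry: no query restriction applies")
    return findings

# Constructed sample configurations (host name is a placeholder).
WEAK = """\
server ntp.example.net iburst
restrict default nomodify notrap
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""
HARDENED = WEAK.replace("restrict default nomodify notrap",
                        "restrict default kod nomodify notrap nopeer noquery")

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(conf) or "ok")
```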