[time-nuts] NTP as vector for DDOS attacks?

Bob Camp lists at rtty.us
Sun Jan 12 09:51:30 EST 2014


Hi

There is indeed a list devoted to NTP and they have spent the last couple of months / years going over security issues in great detail.

Bob

On Jan 11, 2014, at 11:44 PM, Tapio Sokura <tapio.sokura at iki.fi> wrote:

> On 10.1.2014 23:10, Jim Lux wrote:
>> but how long before someone thinks of putting the amplifier after a
>> botnet, rather than driving it directly.
> 
> It has probably been done for a while already, like has been done before
> with protocols such as dns and chargen. I'm perpetually amazed how so
> many IP networks and ISPs in the world still let packets with faked
> source addresses through, thus enabling reflection/amplification attacks
> and in general making tracking (d)dos sources that much harder.
> 
> If you run a network or an ISP, read and implement BCP38 if you haven't
> already, please! It will make the Internet a better place, even if it's
> just a network at a time. Trying to "secure" UDP amplification attacks a
> higher level protocol at a time is like putting band-aid on a bad water
> hose that leaks, with new leaks springing up elsewhere as the pressure
> in the hose rises from the newly applied (still leaking) band-aids.
> 
> Sorry for wandering a bit off-topic here, just couldn't resist the
> temptation. Maybe I should go rig my trusty Oncore VPs back online..
> 
>  Tapio, oh2kku


