The somewhat illegal fix for NTP attacks
- Subject: The somewhat illegal fix for NTP attacks
- From: mysidia at gmail.com (Jimmy Hess)
- Date: Sat, 22 Feb 2014 15:09:06 -0600
- In-reply-to: <[email protected]>
- References: <CAPkb-7AdMQ=Kpy5_BDYOfQF++B0h693a0Jp5YjZ-DXaGtc9wyQ@mail.gmail.com> <[email protected]>
On Sat, Feb 22, 2014 at 6:41 AM, Rich Kulawiec <rsk at gsp.org> wrote:
Perhaps you would rather publish a blacklist of "/24s containing NTP
servers open to MONLIST" over UDP port 123 similar to the bogon feeds.
And encourage all networks to blackhole the list.
That way potential NTP reflection abuse traffic gets stuffed as close to
the source as possible.
> It's never appropriate to respond to abuse with abuse. Not only is
> it questionable/unprofessional behavior, but -- as we've seen -- there
> is a high risk that it'll exacerbate the problem, often by targeting
> innocent third parties.
>
> I understand the frustration but this is not the way.
>
> ---rsk
--
-JH
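
The feed proposed in the message above, sketched as an added example that is not part of the original post or thread. It collapses a list of open-MONLIST server addresses into a /24 feed (one prefix per line, as bogon feeds are distributed) and counts how many addresses the feed blackholes per listed server. The server list is constructed from RFC 5737 documentation ranges, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input (RFC 5737 documentation addresses), not scan results.
OPEN_MONLIST_SERVERS = [
    "192.0.2.10",
    "192.0.2.77",
    "198.51.100.5",
    "203.0.113.200",
    "203.0.113.201",
    "203.0.113.200",  # duplicate report of the same server
]


def build_feed(servers, prefix_len=24):
    """Map each covering prefix to the set of listed servers inside it."""
    feed = defaultdict(set)
    for addr in servers:
        # strict=False masks the host bits, giving the covering /24.
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        feed[net].add(ipaddress.ip_address(addr))
    return dict(feed)


def feed_lines(feed):
    """Render the feed as sorted prefixes, one per line."""
    return [str(net) for net in sorted(feed)]


def collateral(feed):
    """Return (addresses blackholed, distinct servers that caused the listing)."""
    blackholed = sum(net.num_addresses for net in feed)
    listed = sum(len(hosts) for hosts in feed.values())
    return blackholed, listed


if __name__ == "__main__":
    feed = build_feed(OPEN_MONLIST_SERVERS)
    print("\n".join(feed_lines(feed)))
    blackholed, listed = collateral(feed)
    print(f"{blackholed} addresses blackholed for {listed} open servers")
```

The ratio from `collateral` shows the cost of listing at /24 granularity: every address sharing a prefix with one open server is dropped along with it.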