> To test my server, I went to another computer outside of the network > and did a 'host time.cajuntechie.org' in ntpdc. I then issued a few > commands like monlist, peers, etc and I got a timeout every single > time. Does this mean my server is safe from the amplification attack > or do I need to do more?
By my understanding, you should be OK. Current amplification attacks as I understand them depend on monlist queries, which amplify by a factor of from 3 or 4 to somewhere up in the 450 range, depending on how busy the machine in question is. But I haven't made any particular study of such things, so I could be rather off base. I'm one of the people who gets abuse@ at at least one ISP and I saw an abuse report that claimed an amplification factor of 456, without any weasel words such as "up to". So I tried it on my own machines and I found the amplification factor ranged from about 4 to about half what they claimed, depending on which machine I poked and on whether I measured traffic volume at the IP layer or the Ethernet layer - not what they claimed but certainly high enough to call for some kind of alleviation. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML [email protected] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
