Hello, David,

> Now that amplification is established, I hope everyone is updating....

What's behind your writing that? I was thinking that the usual "restrict" line would be enough to solve the problem. And that can be done (and has been standard practice for most non-mice :-) ) with not-so-current versions of ntpd.

I throw in rate-limiting, so my server can also not be used for "reflection" attacks, where some rogue client floods my server with normal "ask the time" requests with a forged sender (the victim's IP). The victim would see a flood of answers regarding questions it never asked. This kind of attack provides no amplification, but it hides the attacker's IP from the victim's point of view.

This is just a personal precaution. I have not heard that un-amplified reflection actually takes place. (If I were an attacker, I would not consider it worth the trouble.) But then, I don't follow those details too closely.

But even with my dated version of ntpd, given what I learned in the recent discussion here on the list, I consider myself safe unless 600+ such attacks attempt to use my server against 600+ different victims simultaneously.

Am I missing anything, in your opinion?

Regards,
Andreas

_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
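For readers who want to see what the "restrict" line and rate-limiting mentioned in the post look like in practice, here is an ntp.conf fragment. It is an added illustration, not configuration taken from the list post or from any particular pool server, and it assumes the reference ntpd 4.2.x configuration syntax; the upstream server name and the localhost entries are placeholders to adjust for your own setup.

```conf
# Added example (not from the list post). Assumes reference ntpd 4.2.x
# ntp.conf syntax; replace the server and local addresses with your own.

# Weak: a bare default entry carries no flags, so any client may send
# ntpq/ntpdc control queries (including monlist on ntpd before 4.2.7p26),
# which is the source of the amplification discussed on the list.
#restrict default

# Hardened: serve time only.
#   noquery           - no replies to ntpq/ntpdc queries (monlist included)
#   nomodify notrap   - no runtime changes or trap registration
#   nopeer            - no unsolicited symmetric associations
#   limited + kod     - enforce the discard thresholds below; an offender
#                       gets a Kiss-o'-Death packet instead of a time reply
restrict -4 default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery

# Thresholds used by "limited": minimum spacing between packets from one
# source in seconds, and average spacing as log2 of seconds (3 = 8 s).
# These are ntpd's defaults, written out so they are visible.
discard minimum 2 average 3

# Belt and braces on older ntpd: turn off the MRU list that monlist reads.
disable monitor

# Local ntpq still works: more specific entries override the default.
restrict 127.0.0.1
restrict ::1

# Placeholder upstream; use your own servers or pool zone.
server 0.pool.ntp.org iburst
```

After reloading ntpd, check from a host outside your network that `ntpdc -c monlist <your-server>` and `ntpq -p <your-server>` now time out with no reply, while a plain client query (for example `ntpdate -q <your-server>`) still returns the time. Note that `kod` only takes effect together with `limited`; on its own it does nothing.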
