Rich Smith wrote:
Huge hack 'is ugly sign of future'
http://www.bbc.co.uk/news/technology-26136774
Heh... Hackers using NTP
Explains the "lots of traffic" posts on this list in recent days
Rich
Yet again the focus is on NTP as the mechanism used in the attack.

However, this is unwarranted. The problem is not NTP, the problem is the lack of source address filtering. Systems on the internet should be only allowed to send traffic with their own address as source address. Any other traffic should be dropped by the first router they talk to.

This is easily arranged, only it is work to do without any direct payback for the ISP. Therefore the ISPs are reluctant to take it on.

I propose that the existence of an ISP without source address filtering is handled by a reputation system similar to what was brought in place to bring down open SMTP relays, another thing that was once a common practice and that needed to be shut down because they were being abused by miscreants.

Just disconnect every provider that refuses to set up source address filtering until they give in. No source address filtering? No traffic from you. Period.

This will end this and many similar DDOS issues. Allowing spoofed traffic is just not acceptable anymore on the internet.

Just fixing NTP doesn't cut it, as many other protocols, even TCP, provide reflection.
Rob
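The filtering Rob describes, dropping any packet whose source address is not one the customer was assigned, as an added example that is not part of the thread: a BCP38-style ingress check run over constructed sample traffic. The interface names, prefixes and packets below are all made up for the illustration.

```python
# BCP38-style ingress filter (constructed example): a packet may enter the network
# only if its source address falls inside a prefix assigned to the interface it
# arrived on; anything else is spoofed and is dropped at the first router.
import ipaddress
from collections import Counter
from typing import NamedTuple

class Packet(NamedTuple):
    iface: str   # ingress interface the packet arrived on
    src: str     # source address claimed in the IP header
    dst: str     # destination address
    dport: int   # destination port (123 = NTP)

# Hypothetical ISP: customer ports and the prefixes each customer was assigned.
ASSIGNED = {
    "cust-a": [ipaddress.ip_network("203.0.113.0/25")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/24"),
               ipaddress.ip_network("2001:db8:b::/48")],
}

def is_valid_source(iface: str, src: str) -> bool:
    """True if src lies within a prefix assigned to the ingress interface."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ASSIGNED.get(iface, []))

def filter_packets(packets):
    """Split packets into (forwarded, dropped); the dropped ones are spoofed."""
    forwarded, dropped = [], []
    for p in packets:
        (forwarded if is_valid_source(p.iface, p.src) else dropped).append(p)
    return forwarded, dropped

def spoof_report(dropped):
    """Dropped packets per ingress interface: tells the operator which customer
    port is emitting spoofed traffic, without any payload inspection."""
    return Counter(p.iface for p in dropped)

# Constructed sample traffic: genuine queries plus packets whose source address
# is forged to someone else's (the reflection victim's) address.
SAMPLE = [
    Packet("cust-a", "203.0.113.10", "192.0.2.53", 123),    # genuine NTP client
    Packet("cust-a", "192.0.2.200", "192.0.2.53", 123),     # spoofed: victim's address
    Packet("cust-b", "198.51.100.7", "192.0.2.80", 443),    # genuine TCP
    Packet("cust-b", "203.0.113.10", "192.0.2.53", 123),    # spoofed: cust-a's address
    Packet("cust-b", "2001:db8:b::1", "2001:db8::53", 123), # genuine IPv6 NTP
]

if __name__ == "__main__":
    fwd, drop = filter_packets(SAMPLE)
    print(f"forwarded={len(fwd)} dropped={len(drop)} per_iface={dict(spoof_report(drop))}")
```

Because the check is on the ingress interface rather than on the protocol, it stops spoofed traffic before it reaches any reflector, NTP or otherwise.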
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool