On Mar 16, 2014, at 17:16, AlbyVA <[email protected]> wrote:

> Has anybody else noticed the rapid decline in NTP Pool servers over the
> last couple of months?

Yes! :-(

> Just a few days ago I found out that my VPN tunnel provider (Reliable
> Hosting) made a business decision to block Port 123 as their way of
> mitigating NTP Reflection Attacks. I suggested to their tech guys they should
> have just policed port 123 traffic and dropped anything that was around
> 400/bytes or larger. But I'm sure that recommendation will fall on deaf ears.

I don't think it's easy to do in most equipment and also it doesn't help on the cost of the incoming traffic from the attacks.

> In any case, looking at the Global pool servers
> (http://www.pool.ntp.org/zone) there has been a 10% decline over the last 180
> days. 50% of that being in the last 60 days. It just appears that excessive
> actions are being taken against NTP traffic across the board. Word needs to
> go out for providers to slow down with the heavy hand of outright port
> blocking (if that is what's really going on). I'm just using my own
> encounters as a window on what might be a larger issue underway.

It seems like it's relatively few providers who are doing this. As long as it's not a trend that spreads more widely then the impact on the pool is relatively small (the remaining servers getting a few more queries) compared to the users behind those networks who now have a much harder time getting NTP service.

If more providers do it, hopefully that'll put pressure on making better support for a local "what's my NTP server?" discovery mechanism, similar to what we do for DNS servers. That seems like a win for all; in the meantime -- yes, it sucks.

In addition to the usual brouhaha about BCP38, getting the misconfigured NTP servers fixed will also help make this problem go away. Though very good progress is being made on that, if it'll be a success within a reasonable timeframe or end up like BCP38 remains to be seen.

Ask
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
