On Tue, 10 Feb 2009 23:38:07 -0500, "Richard B. Gilbert"
<rgilber...@comcast.net> wrote for the entire planet to see:

>Danny Mayer wrote:
>> Eric wrote:
>
>>> The only mitigation I can think of here is for NTP to not respond to
>>> excessive rate queries at all, or very infrequently, after the KOD.
>>>
>>> - Eric
>> 
>> That's what the latest code does.
>> 
>> Danny
>
>If ntpd responds to such DOS attacks with the WRONG YEAR or random 
>date-times, it might discourage the perpetrators.

Not really.  If it's really a DDoS attempt the source address won't belong
to an NTP server and the packet will be discarded, sooner or later.  Its
value is just to clog the pipes.  And anyway, there seems to be a general
consensus that sending the wrong time is wrong.  Just don't send it, or
simply mark it invalid or KOD or all zeros, or all three.  No need to
attempt to confound the "requester".

_______________________________________________
questions mailing list
questions@lists.ntp.org
https://lists.ntp.org/mailman/listinfo/questions
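
The mitigation discussed in this thread (answer normally, send a KoD when a source exceeds the rate, then stay silent), as an added Python example that is not from the thread or from ntpd's source. The class name, the intervals and the 192.0.2.10 address are assumptions and the packet timeline is constructed; it compares sending a KoD for every excess packet with sending one KoD and then dropping.

```python
from collections import Counter

NTP_PACKET_BYTES = 48  # basic NTP packet, no extension fields or MAC


class KodLimiter:
    """Hypothetical per-source limiter: reply, send a KoD, then go silent."""

    def __init__(self, min_interval_ms, kod_interval_ms):
        self.min_interval_ms = min_interval_ms  # required gap between queries
        self.kod_interval_ms = kod_interval_ms  # minimum gap between KoDs
        # A real server must bound these tables: spoofed sources are unlimited.
        self.last_seen = {}
        self.last_kod = {}

    def handle(self, src, now_ms):
        prev = self.last_seen.get(src)
        self.last_seen[src] = now_ms  # a flooding source never "earns" a reply
        if prev is None or now_ms - prev >= self.min_interval_ms:
            return "reply"
        last_kod = self.last_kod.get(src)
        if last_kod is None or now_ms - last_kod >= self.kod_interval_ms:
            self.last_kod[src] = now_ms
            return "kod"
        return "drop"  # no response at all: nothing is reflected


def simulate(limiter, src, arrival_times_ms):
    """Return (outcome counts, bytes sent toward src, bytes received)."""
    outcomes = Counter(limiter.handle(src, t) for t in arrival_times_ms)
    sent = (outcomes["reply"] + outcomes["kod"]) * NTP_PACKET_BYTES
    received = len(arrival_times_ms) * NTP_PACKET_BYTES
    return outcomes, sent, received


# Constructed timeline: 1000 queries, 10 ms apart, all claiming one source.
FLOOD_MS = [i * 10 for i in range(1000)]
SPOOFED_SRC = "192.0.2.10"  # documentation address, stands in for the victim

if __name__ == "__main__":
    for label, kod_gap in (("KoD every time", 0), ("KoD once, then drop", 60000)):
        counts, sent, received = simulate(KodLimiter(2000, kod_gap), SPOOFED_SRC, FLOOD_MS)
        print(f"{label}: {dict(counts)} sent={sent}B received={received}B")
```

With a KoD for every excess packet the server sends as many bytes toward the claimed source as it receives; with one KoD followed by drops it sends two packets in total.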
