Danny,

For clarification, the latest code returns the KoD with client timestamps unchanged. No server timestamps are revealed.

Dave

Danny Mayer wrote:
> Eric wrote:
>
>> On Tue, 10 Feb 2009 23:38:07 -0500, "Richard B. Gilbert"
>> <rgilber...@comcast.net> wrote for the entire planet to see:
>>
>>> Danny Mayer wrote:
>>>
>>>> Eric wrote:
>>>>
>>>>> The only mitigation I can think of here is for NTP to not respond to
>>>>> excessive rate queries at all, or very infrequently, after the KOD.
>>>>>
>>>>> - Eric
>>>>>
>>>> That's what the latest code does.
>>>>
>>>> Danny
>>>>
>>> If ntpd responds to such DOS attacks with the WRONG YEAR or random
>>> date-times, it might discourage the perpetrators.
>>>
>> Not really. If it's really a DDoS attempt the source address won't belong
>> to an NTP server and the packet will be discarded, sooner or later. Its
>> value is just to clog the pipes. And anyway, there seems to be a general
>> consensus that sending the wrong time is wrong. Just don't send it, or
>> simply mark it invalid or KOD or all zeros, or all three. No need to
>> attempt to confound the "requester".
>>
>
> There is no way to mark an NTP packet as invalid, but then why would you
> even bother to send an invalid packet in the first place? You can send a
> KOD packet, but 99% of the clients out there won't know what it is and
> will assume that the NTP timestamps are valid. Also, all zeros means the
> wrong time.
>
> Danny
> _______________________________________________
> questions mailing list
> questions@lists.ntp.org
> https://lists.ntp.org/mailman/listinfo/questions
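To make the two sides of this exchange concrete, here is an added example (not ntpd's code and not posted by anyone on the thread) that builds a RATE kiss-o'-death reply the way Dave describes it, stratum 0 with refid "RATE", the client's own timestamps echoed back and nothing from the server's clock, and then shows what a KoD-aware client does with it versus the client Danny is worried about, one that ignores the kiss code and feeds the timestamps straight into the offset formula. The details assumed here and not stated on the page are that the KoD carries leap indicator 3, a zero reference timestamp, and the client's transmit timestamp copied into the origin, receive and transmit fields; the timestamps, the refid of the ordinary reply and the function names are constructed for the example.

```python
"""
Build and parse NTPv4 packets to show what a RATE kiss-o'-death (KoD) reply
looks like on the wire and how a client should (and should not) treat it.
Added example; not code from ntpd or from the mailing list.
"""
import struct

NTP_UNIX_DELTA = 2208988800          # 1900-01-01 to 1970-01-01, in seconds
# 48-byte NTPv4 header: LI/VN/mode, stratum, poll, precision, root delay,
# root dispersion, reference ID, then reference/origin/receive/transmit
# timestamps as 64-bit NTP fixed-point values.
HEADER = "!BBbbII4sQQQQ"
FIELDS = ("li_vn_mode", "stratum", "poll", "precision", "root_delay",
          "root_disp", "refid", "ref", "org", "rec", "xmt")
LEAP_NOTINSYNC = 3
MODE_CLIENT, MODE_SERVER = 3, 4


def to_ntp(unix_seconds):
    """Unix float seconds -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    secs = int(unix_seconds)
    frac = int(round((unix_seconds - secs) * (1 << 32)))
    return ((secs + NTP_UNIX_DELTA) << 32) | (frac & 0xFFFFFFFF)


def from_ntp(ts):
    """64-bit NTP timestamp -> Unix float seconds."""
    return (ts >> 32) - NTP_UNIX_DELTA + (ts & 0xFFFFFFFF) / (1 << 32)


def parse(pkt):
    """Decode the 48-byte header into a dict; any extension fields or MAC are ignored."""
    p = dict(zip(FIELDS, struct.unpack(HEADER, pkt[:48])))
    p["leap"] = p["li_vn_mode"] >> 6
    p["version"] = (p["li_vn_mode"] >> 3) & 7
    p["mode"] = p["li_vn_mode"] & 7
    return p


def build_request(t1_unix, version=4, poll=6):
    """Client (mode 3) request: only the transmit timestamp (T1) is meaningful."""
    li_vn_mode = (version << 3) | MODE_CLIENT
    return struct.pack(HEADER, li_vn_mode, 0, poll, 0, 0, 0, b"\0\0\0\0",
                       0, 0, 0, to_ntp(t1_unix))


def build_rate_kod(request):
    """RATE KoD as described in the thread: stratum 0, refid "RATE", the
    client's timestamps echoed back, no server timestamp revealed.
    Assumed here (not stated on the page): leap indicator 3, zero reference
    timestamp, and the client's transmit value in origin, receive and transmit."""
    req = parse(request)
    li_vn_mode = (LEAP_NOTINSYNC << 6) | (req["version"] << 3) | MODE_SERVER
    return struct.pack(HEADER, li_vn_mode, 0, req["poll"], 0, 0, 0, b"RATE",
                       0, req["xmt"], req["xmt"], req["xmt"])


def build_server_reply(request, t2_unix, t3_unix, stratum=2):
    """Ordinary (mode 4) reply for comparison: origin copies the client's T1,
    receive/transmit carry the server's T2 and T3. The refid is arbitrary."""
    req = parse(request)
    li_vn_mode = (req["version"] << 3) | MODE_SERVER
    return struct.pack(HEADER, li_vn_mode, stratum, req["poll"], -20, 0, 0,
                       b"\x0a\x00\x00\x01", to_ntp(t2_unix - 1), req["xmt"],
                       to_ntp(t2_unix), to_ntp(t3_unix))


def kiss_code(reply):
    """Kiss code as a str if the reply is a KoD (stratum 0 with a printable
    ASCII refid, RFC 5905 section 7.4); otherwise None."""
    r = parse(reply)
    if r["stratum"] == 0 and all(0x21 <= b <= 0x7E for b in r["refid"]):
        return r["refid"].decode("ascii")
    return None


def naive_offset(reply, t4_unix):
    """What a client that ignores stratum and refid computes: the usual
    ((T2 - T1) + (T3 - T4)) / 2 applied to whatever timestamps arrived."""
    r = parse(reply)
    t1, t2, t3 = (from_ntp(r[k]) for k in ("org", "rec", "xmt"))
    return ((t2 - t1) + (t3 - t4_unix)) / 2


def handle_reply(request, reply, t4_unix):
    """KoD-aware client: check the origin matches our T1, refuse to derive
    time from a KoD (the caller should back off), else compute the offset."""
    if parse(reply)["org"] != parse(request)["xmt"]:
        return ("bogus", None)              # not a reply to our request
    code = kiss_code(reply)
    if code is not None:
        return ("kod", code)                 # e.g. RATE: slow down, no time here
    return ("offset", naive_offset(reply, t4_unix))


if __name__ == "__main__":
    t1 = 1234567890.0                        # constructed sample clock values
    req = build_request(t1)
    kod = build_rate_kod(req)
    print(parse(kod))
    print(handle_reply(req, kod, t1 + 0.1))
    print(naive_offset(kod, t1 + 0.1))       # a blind client "corrects" by about -RTT/2
    good = build_server_reply(req, t1 + 2.05, t1 + 2.051)
    print(handle_reply(req, good, t1 + 0.1))
```

The point of `naive_offset` is the failure mode Danny raises: a client that never looks at the stratum or refid does not crash on the KoD, it quietly computes an offset of roughly minus half the round-trip time from timestamps that are all its own, which is wrong but small enough to go unnoticed. `kiss_code` is the check such a client is missing, and `handle_reply` also verifies the origin timestamp so that an unsolicited packet cannot be mistaken for either a time reply or a KoD.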