David Woolley wrote: > Hal Murray wrote: > >> >> Please see: >> http://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse > > Although probably true about this case, a quick skim makes me think that > this article breaks the Original Research rules for Wikipedia. I think > any one incident would be borderline on the rule, but associating the > incidents without a source for the analysis of their releationship seems > to me to be over the line.
Both incidents are well known. Their only "relationship" was in having a poorly designed and/or a poorly implemented NTP client which caused particular servers to be bombarded with thousands of requests per second. The "fix" was adding to the RFC a requirement that a client failing to get a reply "back off" exponentially; e.g. if you don't get a reply, double the interval between requests! If this is correctly implemented it results in the client increasing the interval between requests until queries are sent at intervals of 1024 seconds. There is also a "Kiss of Death" packet which will cause a conforming implementation to cease polling the server issuing the K.O.D. At this point, anyone who causes a repeat incident risks being laughed off the planet!! I'd make a small bet that there will be another incident! Never underestimate the power of human stupidity!! _______________________________________________ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions