Hal Murray <[email protected]>:
> Looks like the idea in the old code was to set the minpoll to the polling 
> interval from the KoD packet.
> 
> Looks like Daniel changed that to 10.  I'd guess that's a hack defense against
> something worse from a forged packet.  10 seems safe for the server but not
> nice to the client trying to keep accurate time.
> 
> KoD packets can be forged, so anything in this area is a DDoS opportunity.  
> But that processing is after some filtering, so the attack isn't wide open.
> 
> I vote changing it back, and checking that we log KoD packets.

I'm inclined to concur.  But I'd like to hear from Daniel and others
before we make a final decision.
-- 
                Eric S. Raymond <http://www.catb.org/~esr/>

My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
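
The trade-off discussed in this thread, as an added example (not NTPsec's code and not written by either poster): a client-side RATE handler that can take minpoll either from the KoD packet or as a fixed 10, ignores packets that fail a filter, and logs each accepted KoD. The struct and function names, the origin-timestamp check standing in for the "filtering", the clamp to maxpoll, and reading "10" as a log2 poll exponent are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified types for illustration; not NTPsec's structures. */
struct pkt  { uint8_t stratum; int8_t ppoll; char refid[4]; uint64_t org; };
struct peer { int8_t minpoll, maxpoll; uint64_t last_xmt; unsigned kod_logged; };
enum kod_policy { KOD_FROM_PACKET, KOD_FIXED_10 };

/* Build a constructed RATE kiss-o'-death packet (sample input). */
struct pkt make_kod(int8_t ppoll, uint64_t org)
{
    struct pkt k = { 0, ppoll, { 'R', 'A', 'T', 'E' }, org };
    return k;
}

/* Returns 1 if the packet was honoured as a RATE KoD, 0 if it was ignored. */
int handle_kod_rate(struct peer *p, const struct pkt *k, enum kod_policy pol)
{
    int want;

    /* A KoD has stratum 0 and an ASCII kiss code in the refid field. */
    if (k->stratum != 0 || memcmp(k->refid, "RATE", 4) != 0)
        return 0;
    /* Assumed filter: origin must echo our last transmit timestamp. */
    if (p->last_xmt == 0 || k->org != p->last_xmt)
        return 0;
    want = (pol == KOD_FIXED_10) ? 10 : k->ppoll;
    if (want > p->maxpoll)
        want = p->maxpoll;          /* bound what a forged value can do */
    if (want > p->minpoll)
        p->minpoll = (int8_t)want;  /* only ever back off, never speed up */
    p->kod_logged++;                /* count and log every accepted KoD */
    fprintf(stderr, "KoD RATE accepted: ppoll=%d minpoll=%d\n",
            k->ppoll, p->minpoll);
    return 1;
}

int main(void)
{
    struct peer p = { 6, 10, 0x1122334455667788ULL, 0 };
    struct pkt forged = make_kod(17, 0xdeadbeefULL);  /* wrong origin */
    struct pkt real = make_kod(8, p.last_xmt);

    printf("forged accepted: %d\n", handle_kod_rate(&p, &forged, KOD_FROM_PACKET));
    printf("real accepted:   %d\n", handle_kod_rate(&p, &real, KOD_FROM_PACKET));
    printf("minpoll is now %d\n", p.minpoll);
    return 0;
}
```

With the packet-derived policy a legitimate KoD asking for 8 leaves the client at 8, while the fixed policy sends the same client straight to 10.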