On 2014-02-12, David Woolley <[email protected]> wrote: > In this article, which also appeared in the paper version this morning, > they suggest that normal NTP time requests result in a much larger > response than the request. > > http://metro.co.uk/2014/02/11/the-start-of-ugly-things-to-come-hackers-flood-european-servers-in-biggest-computer-attack-of-its-kind-4300395/
Normal time packets are AFAIK the same size going out or coming back. Administration packets can be highly assymmetric (factors of 450 have been claimed). I was spanked by the sysadmins at my Uni because I had one ntpd server, and it was used in the DoS attack. Almost all of my machines use chrony, and it was a lone holdout for testing. Since the GPS 18 attached to it has died (both mine only lasted about 3 years) I just took the ntpd off the air, and felt rather foolish, since I had been the one that suggested that chrony be fixed ( and it has been by Lichvar) to make sure it does not amplify. And a week later I am the guilty party with ntpd. At least with chrony the default was always not to reply to external commands. ntpd had the default to reply which was a bit silly. _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
