On 2014-05-19, E-Mail Sent to this address will be added to the BlackLists <[email protected]> wrote:
> Jochen Bern wrote:
>> GeoIP blocking
>
> More likely related to the "DRDOS" attempts of the last few months.
> <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>
The problem was that ntpd responded to some requests for information by sending out a packet which was hundreds of times longer than the requesting packet length. Thus I could send a request with someone else's return address, and that fake return address would get a packet hundreds of times longer than the packet I sent out. If it were the same or smaller, it would not pay for me to do this, since my own requesting packet would be more efficient at overwhelming the remote system than going through a middle man. And ntpd had the option of replying to such requests switched on by default.

Thus, two solutions: do not have replying switched on by default, and switch it on only in special circumstances, or make sure that replies are always shorter than requests. Or disallow all ntp requests (including requests for time) at the firewall. The latter is the response of ISPs who do not have access to your ntpd on your own computer.

> > _______________________________________________
> > questions mailing list
> > [email protected]
> > http://lists.ntp.org/listinfo/questions
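As an added illustration of the amplification described above (example code written for this page, not from the thread or from the ntp project): the script builds the 8-byte mode 7 "monlist" request (MON_GETLIST_1, request code 42, implementation number 3, header layout as in ntpd's ntp_request.h), parses the mode 7 response header, and computes the amplification factor from constructed sample responses. A 440-byte response packet holding six 72-byte monitor entries, and a reply series of up to 100 such packets, are assumptions taken from ntpd's packet sizing; the sample packets are constructed here, not captured. The config audit at the end is a simple heuristic of my own for the "do not have replying switched on" fix: it looks for `disable monitor` or a `restrict default` line carrying `noquery` (or `ignore`), which are the ntp.conf settings the linked security notice recommends.

```python
import struct

IMPL_XNTPD = 3            # implementation number ntpd answers to
REQ_MON_GETLIST_1 = 42    # the "monlist" request code
MODE_PRIVATE = 7          # NTP mode 7, the private/implementation-specific mode
MON_ITEM_SIZE = 72        # assumed size of one monlist entry (info_monitor_1)
MAX_MON_ITEMS = 6         # assumed entries per response packet (500-byte limit)
HEADER_FMT = "!BBBBHH"    # rm_vn_mode, auth_seq, implementation, request, err_nitems, mbz_itemsize


def build_monlist_request(sequence=0):
    """The 8-byte mode 7 request that triggered the amplification."""
    rm_vn_mode = (2 << 3) | MODE_PRIVATE            # response=0, more=0, version 2, mode 7
    return struct.pack(HEADER_FMT, rm_vn_mode, sequence & 0x7F,
                       IMPL_XNTPD, REQ_MON_GETLIST_1, 0, 0)


def parse_mode7_header(pkt):
    """Split the mode 7 header into its fields (network byte order)."""
    if len(pkt) < 8:
        raise ValueError("mode 7 packet shorter than its 8-byte header")
    rm_vn_mode, auth_seq, impl, req, err_nitems, mbz_itemsize = struct.unpack(HEADER_FMT, pkt[:8])
    return {
        "response": bool(rm_vn_mode & 0x80),   # set on replies
        "more": bool(rm_vn_mode & 0x40),       # set when further reply packets follow
        "version": (rm_vn_mode >> 3) & 0x7,
        "mode": rm_vn_mode & 0x7,
        "sequence": auth_seq & 0x7F,
        "implementation": impl,
        "request": req,
        "error": err_nitems >> 12,
        "nitems": err_nitems & 0xFFF,
        "itemsize": mbz_itemsize & 0xFFF,
    }


def build_sample_monlist_response(sequence, more, nitems):
    """Constructed sample reply: header plus nitems zeroed 72-byte entries."""
    rm_vn_mode = 0x80 | (0x40 if more else 0) | (2 << 3) | MODE_PRIVATE
    header = struct.pack(HEADER_FMT, rm_vn_mode, sequence & 0x7F,
                         IMPL_XNTPD, REQ_MON_GETLIST_1, nitems & 0xFFF, MON_ITEM_SIZE)
    return header + bytes(nitems * MON_ITEM_SIZE)


def amplification_factor(request, responses):
    """Bytes sent to the spoofed victim per byte the attacker sent."""
    return sum(len(r) for r in responses) / len(request)


def config_exposes_monlist(ntp_conf):
    """Heuristic ntp.conf audit (my own, not an ntpd tool): True if neither
    'disable monitor' nor a 'restrict default ... noquery|ignore' line is present."""
    monitor_disabled = False
    default_queries_blocked = False
    for raw in ntp_conf.splitlines():
        tokens = raw.split("#", 1)[0].split()      # strip comments
        if not tokens:
            continue
        if tokens[0] == "disable" and "monitor" in tokens[1:]:
            monitor_disabled = True
        if tokens[0] == "restrict" and "default" in tokens[1:3]:
            if "noquery" in tokens or "ignore" in tokens:
                default_queries_blocked = True
    return not (monitor_disabled or default_queries_blocked)


# Constructed sample configs: the default-style one answers monlist, the other does not.
WEAK_CONF = "server 0.pool.ntp.org\nrestrict default kod nomodify notrap nopeer\n"
HARDENED_CONF = ("server 0.pool.ntp.org\n"
                 "restrict default kod nomodify notrap nopeer noquery\n"
                 "disable monitor   # belt and braces\n")

if __name__ == "__main__":
    req = build_monlist_request()
    # A full monlist reply: 100 packets, each 6 entries, 'more' set on all but the last.
    replies = [build_sample_monlist_response(0, i < 99, MAX_MON_ITEMS) for i in range(100)]
    print("request bytes:", len(req), "reply bytes:", sum(map(len, replies)))
    print("amplification factor:", amplification_factor(req, replies))
    print("first reply header:", parse_mode7_header(replies[0]))
    print("weak config exposes monlist:", config_exposes_monlist(WEAK_CONF))
    print("hardened config exposes monlist:", config_exposes_monlist(HARDENED_CONF))
```

The ratio is the thing to look at: one 8-byte request pulls 440 bytes per reply packet, and a long monitor list spread over many packets multiplies that again, which is exactly why the spoofed return address, not the attacker's own link, pays the cost.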
