Hi
There is indeed a list devoted to NTP and they have spent the last couple of
months / years going over security issues in great detail.
Bob
On Jan 11, 2014, at 11:44 PM, Tapio Sokura tapio.sok...@iki.fi wrote:
On 10.1.2014 23:10, Jim Lux wrote:
but how long before someone thinks of
On 10.1.2014 23:10, Jim Lux wrote:
but how long before someone thinks of putting the amplifier after a
botnet, rather than driving it directly.
It has probably been done for a while already, like has been done before
with protocols such as dns and chargen. I'm perpetually amazed how so
many IP
http://arstechnica.com/security/2014/01/dos-attacks-that-took-down-big-game-sites-abused-webs-time-synch-protocol/
Interesting.. throw requests at an NTP server that look as if they come
from the target, prompting large responses to the victim, presumably to
overload it.
The article talks
It's not a big deal. Even if one pool NTP server is down, there are
literally hundreds others and most NTP users are configured to look at
between three and five. Not only that if they POOL servers are randomly
assigned so if one of your NTP servers is taken down, next time it is
unlikely you'd
On Fri, Jan 10, 2014 at 2:52 PM, Chris Albertson
albertson.ch...@gmail.comwrote:
It's not a big deal. Even if one pool NTP server is down
On Fri, Jan 10, 2014 at 4:32 AM, Jim Lux jim...@earthlink.net wrote:
The article talks about how the victim site can easily filter out the
messages
On 1/10/14 1:06 PM, Paul wrote:
On Fri, Jan 10, 2014 at 2:52 PM, Chris Albertson
albertson.ch...@gmail.comwrote:
It's not a big deal. Even if one pool NTP server is down
On Fri, Jan 10, 2014 at 4:32 AM, Jim Lux jim...@earthlink.net wrote:
The article talks about how the victim site can
This amplification attack vector is really easy to stop. The procedure
is documented in the CERT advisory, which was released with almost no
forewarning to me or my team. While we knew about it and drafted the
mitigation information and tweaked other portions of the announcement,
we were