
BLU Discuss list archive



[Discuss] NTP Gone Crazy?



Kent Borg wrote:
> David N. Blank-Edelman wrote:
>> Perhaps this?
>> http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks
> 
> I'll bet that is it.  I'll keep NTP turned off for the moment until I
> can run a newer version.

This attack sounds like it requires an exposed NTP server[1]. Is yours
behind a firewall?

If not, why is it exposed? Are you a volunteer in
http://www.pool.ntp.org/en/ ?

 -Tom

1. Traversing a simple NAT firewall is not too hard, when you are
talking about a stateless UDP protocol for services that send outbound
packets quite regularly, and thus keep the NAT port mappings active,
but still this is not trivial. Aside from mitigating this with the rate
limiting Rich suggests, I'd expect a decent NAT implementation "out of
the box" would thwart this by rejecting packets coming from IPs other
than those the outbound packets were sent to. Even if you spoofed those
IPs, unless you aim to DDoS other NTP servers, that would seem to make
this technique useless.

-- 
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/
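The NAT behaviour described in footnote 1 above, as an added example that is not part of the original post or of any real firewall: a small Python model of a UDP NAT table for a host behind an address-restricted NAT, walked through the cases Tom raises (a legitimate reply, a spoofed packet from an unrelated IP, a spoofed packet that forges a peer's IP, and the mapping staying alive only while ntpd keeps polling). The addresses, the 64 s poll interval and the 180 s idle timeout are assumptions chosen for the walkthrough (the timeout is in the range of Linux conntrack's default UDP stream timeout); `restricted=False` models a naive NAT that forwards anything arriving on a mapped port.

```python
"""Toy model of a UDP NAT table (added example, not from the original post).

An outbound packet from the internal host creates or refreshes a mapping keyed
on the external port. For an address-restricted NAT an inbound packet is only
forwarded if a mapping exists for that port AND its source IP is one the
internal host already sent to through that mapping. With restricted=False the
NAT forwards anything that hits a mapped port (the "simple NAT" case).
Assumed values: RFC 5737/1918 addresses, 180 s idle timeout, 64 s NTP poll.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


@dataclass
class NatMapping:
    internal_ip: str
    internal_port: int
    peers: set          # remote IPs the internal host has sent to via this mapping
    last_used: float    # timestamp of the last packet in either direction


class UdpNat:
    def __init__(self, external_ip: str, restricted: bool = True, timeout: float = 180.0):
        self.external_ip = external_ip
        self.restricted = restricted
        self.timeout = timeout          # assumed idle timeout for a UDP mapping
        self.table: dict[int, NatMapping] = {}   # external port -> mapping
        self._next_port = 40000

    def _expire(self, now: float) -> None:
        """Drop mappings that have seen no traffic for longer than the timeout."""
        for port, m in list(self.table.items()):
            if now - m.last_used > self.timeout:
                del self.table[port]

    def outbound(self, pkt: Packet, now: float) -> Packet:
        """Translate an internal->external packet, creating/refreshing its mapping."""
        self._expire(now)
        for ext_port, m in self.table.items():
            if (m.internal_ip, m.internal_port) == (pkt.src_ip, pkt.src_port):
                break
        else:
            ext_port, self._next_port = self._next_port, self._next_port + 1
            m = NatMapping(pkt.src_ip, pkt.src_port, set(), now)
            self.table[ext_port] = m
        m.peers.add(pkt.dst_ip)
        m.last_used = now
        return Packet(self.external_ip, ext_port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet, now: float):
        """Return the translated packet if the NAT forwards it, else None (dropped)."""
        self._expire(now)
        m = self.table.get(pkt.dst_port)
        if m is None:
            return None                                   # no mapping: dropped
        if self.restricted and pkt.src_ip not in m.peers:
            return None                                   # unknown source IP: dropped
        m.last_used = now
        return Packet(pkt.src_ip, pkt.src_port, m.internal_ip, m.internal_port, pkt.payload)


def simulate(restricted: bool = True) -> dict:
    """Walk through the footnote's scenarios; returns which packets got through."""
    nat = UdpNat("203.0.113.10", restricted=restricted)
    ext_ip = nat.external_ip
    client, pool, stranger = "192.168.1.20", "198.51.100.1", "192.0.2.66"  # made-up
    t = 0.0
    results = {}

    # ntpd polls a pool server; this creates the mapping the attacker would need to hit.
    ext_port = nat.outbound(Packet(client, 123, pool, 123, b"ntp mode 3"), t).src_port

    # A real reply from the pool server is forwarded.
    results["legit_reply"] = nat.inbound(Packet(pool, 123, ext_ip, ext_port, b"ntp mode 4"), t + 0.05) is not None
    # A packet aimed at the mapped port from an IP the client never talked to.
    results["spoofed_other_ip"] = nat.inbound(Packet(stranger, 123, ext_ip, ext_port, b"?"), t + 1) is not None
    # The same packet with the pool server's IP forged as source: the case Tom concedes.
    results["spoofed_peer_ip"] = nat.inbound(Packet(pool, 123, ext_ip, ext_port, b"?"), t + 2) is not None
    # Regular polling refreshes the mapping ...
    nat.outbound(Packet(client, 123, pool, 123, b"ntp mode 3"), t + 64)
    results["alive_after_poll"] = nat.inbound(Packet(pool, 123, ext_ip, ext_port, b"ntp mode 4"), t + 64.05) is not None
    # ... but once polling stops, the mapping times out and nothing gets in.
    results["expired_after_idle"] = nat.inbound(Packet(pool, 123, ext_ip, ext_port, b"ntp mode 4"), t + 300) is not None
    return results


if __name__ == "__main__":
    for mode in (True, False):
        print("restricted" if mode else "simple", simulate(restricted=mode))
```

Running it shows the two points of the footnote side by side: with the address-restricted NAT the stranger's packet is dropped and only a packet forging a known peer's IP gets through, while the naive NAT forwards anything that lands on the mapped port for as long as ntpd keeps the mapping alive.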



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org