[58997] in North American Network Operators' Group
Re: pool.ntp.org NTP servers
daemon@ATHENA.MIT.EDU (Matt Zimmerman)
Tue Jun 10 16:58:04 2003
Date: Tue, 10 Jun 2003 16:57:29 -0400
From: Matt Zimmerman <mdz@csh.rit.edu>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <Pine.GSO.4.44.0306072354460.6700-100000@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Sun, Jun 08, 2003 at 12:15:19AM -0400, Sean Donelan wrote:
> As a general principle, having an open UDP port exposes your network
> infrastructure to either something like an NTP worm (if one was written)
> or a great attack amplifier by spoofing NTP queries from a victim's IP
> address. You can search Google for other NTP-specific security issues.
I don't see how a (unicast) NTP service could be used as an effective
amplifier, though it could be used to conceal the source of a ~1:1 DDoS
attack.
--
- mdz