 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Kent Borg wrote: > David N. Blank-Edelman wrote: >> Perhaps this? >> http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks > > I'll bet that is it. I'll keep NTP turned off for the moment until I > can run a newer version. This attack sounds like it requires an exposed NTP server[1]. Is yours behind a firewall? If not, why is it exposed? Are you a volunteer in http://www.pool.ntp.org/en/ ? -Tom 1. Traversing a simple NAT firewall is not too hard, when you are talking about a stateless UDP protocol for services that send outbound packets quite regularly, and thus it keeps the NAT port mappings active, but still this is not trivial. Aside from mitigating this with the rate limiting Rich suggests, I'd expect a decent NAT implementation "out of the box" would thwart this by rejecting packets coming from IPs others that where the outbound packets were sent. Even if you spoofed those IPs, unless you aim to DDoS other NTP servers, that would seem to make this technique useless. -- Tom Metro The Perl Shop, Newton, MA, USA "Predictable On-demand Perl Consulting." http://www.theperlshop.com/
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
