[outages] enough of this ntp bs.

Stephen Wilcox steve.wilcox at ixreach.com
Sat Mar 8 14:10:45 EST 2014


Its not UDP's fault, its the amplifying effects of an open NTP server thats
the issue, and NTP servers are in all kinds of places and having a secure
config not an end user easy experience. Even things like JunOS run ntp as
open by default.

UDP is great for what its designed for, connectionless data exchanges...
and TCP SYN attacks can be pretty big, and back in the old days ICMP smurf
attacks were all the rage. Its also just a matter of time before someone
discovers theres a common IPv6 based hack and enough v6 nodes in the world
to do some damage.

I'm also not convinced BCP38 will make the issue go away, it only takes a
small number of ISPs to either not be implementing it or accidentally stop
filtering and modern server and home broadband connection speeds are fast
enough that a handful of bots can generate very large amounts of traffic. I
think ISPs and upstreams need to be more proactive in identifying open NTP
servers in their customers networks.


Steve


On 8 March 2014 22:48, Terrence <terrence.oconnor at gmail.com> wrote:

> In short, yes.. Now to get the ISPs to implement it.  I am still not a fan
> of UDP.
>
> -
> Terrence
> Sent from my iPhone please excuse any errors.
>
> > On Mar 8, 2014, at 12:52 PM, "Alain Hebert" <ahebert at pubnix.net> wrote:
> >
> > Do I really have to go there again?
> >
> > http://www.bcp38.info
> >
> >> all week long I'm seeing ntp attacks on provider ips on my router.
> >> Enough of this bs, it's time to stand up and block this BS....
> >> _______________________________________________
> >> Outages mailing list
> >> Outages at outages.org
> >> https://puck.nether.net/mailman/listinfo/outages
> >
> >
> > _______________________________________________
> > Outages mailing list
> > Outages at outages.org
> > https://puck.nether.net/mailman/listinfo/outages
>
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20140308/dccf3795/attachment.htm>


More information about the Outages mailing list