[outages] enough of this ntp bs.
Cb B
cb.list6 at gmail.com
Sat Mar 8 14:18:49 EST 2014
On Mar 8, 2014 11:13 AM, "Stephen Wilcox" <steve.wilcox at ixreach.com> wrote:
>
> Its not UDP's fault, its the amplifying effects of an open NTP server
thats the issue, and NTP servers are in all kinds of places and having a
secure config not an end user easy experience. Even things like JunOS run
ntp as open by default.
>
> UDP is great for what its designed for, connectionless data exchanges...
and TCP SYN attacks can be pretty big, and back in the old days ICMP smurf
attacks were all the rage. Its also just a matter of time before someone
discovers theres a common IPv6 based hack and enough v6 nodes in the world
to do some damage.
>
> I'm also not convinced BCP38 will make the issue go away, it only takes a
small number of ISPs to either not be implementing it or accidentally stop
filtering and modern server and home broadband connection speeds are fast
enough that a handful of bots can generate very large amounts of traffic. I
think ISPs and upstreams need to be more proactive in identifying open NTP
servers in their customers networks.
>
>
If its not ntp today its chargen and dns tomorrow and snmp the day after
that.
http://www.internetsociety.org/doc/amplification-hell-revisiting-network-protocols-ddos-abuse
> Steve
>
>
> On 8 March 2014 22:48, Terrence <terrence.oconnor at gmail.com> wrote:
>>
>> In short, yes.. Now to get the ISPs to implement it. I am still not a
fan of UDP.
>>
>> -
>> Terrence
>> Sent from my iPhone please excuse any errors.
>>
>> > On Mar 8, 2014, at 12:52 PM, "Alain Hebert" <ahebert at pubnix.net> wrote:
>> >
>> > Do I really have to go there again?
>> >
>> > http://www.bcp38.info
>> >
>> >> all week long I'm seeing ntp attacks on provider ips on my router.
>> >> Enough of this bs, it's time to stand up and block this BS....
>> >> _______________________________________________
>> >> Outages mailing list
>> >> Outages at outages.org
>> >> https://puck.nether.net/mailman/listinfo/outages
>> >
>> >
>> > _______________________________________________
>> > Outages mailing list
>> > Outages at outages.org
>> > https://puck.nether.net/mailman/listinfo/outages
>>
>> _______________________________________________
>> Outages mailing list
>> Outages at outages.org
>> https://puck.nether.net/mailman/listinfo/outages
>
>
>
>
>
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20140308/8acee4bf/attachment.htm>
More information about the Outages
mailing list