UDP/123 policers & status

Harlan Stenn stenn at nwtime.org
Sat Mar 28 23:35:06 UTC 2020


Ragnar,

On 3/28/2020 4:09 PM, Ragnar Sundblad wrote:
> 
>> On 28 Mar 2020, at 23:58, Harlan Stenn <stenn at nwtime.org> wrote:
>>
>>> Steven Sommars said:
>>>> The secure time transfer of NTS was designed to avoid
>>>> amplification attacks.
>>
>> Uh, no.
> 
> Yes, it was.
> 
> As Steven said, “The secure time transfer of NTS was designed to
> avoid amplification attacks”. I would even say - to make it
> impossible to use for amplification attacks.

Please tell me how.  I've been part of this specific topic since the
original NTS spec.  For what y'all are saying to be true, there are some
underlying assumptions that would need to be in place, and they are
clearly not in place now and won't be until people update their
software, and even better, tweak their configs.

>> If you understand what's going on from the perspective of both the
>> client and the server and think about the various cases, I think you'll
>> see what I mean.
> 
> Hopefully, no-one exposes mode 6 or mode 7 on the internet anymore,
> at least not unauthenticated, and at least not the commands that are
> not safe from amplification attacks. Those just can not be allowed
> to be used anonymously.

But mode 6/7 is completely independent of NTS.

It's disingenuous for people to imply otherwise.

>> NTS is a task-specific hammer.
> 
> Yes.
> 
> Ragnar

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!


