UDP/123 policers & status
Ragnar Sundblad
ragge at kth.se
Sat Mar 28 23:09:37 UTC 2020
> On 28 Mar 2020, at 23:58, Harlan Stenn <stenn at nwtime.org> wrote:
>
>> Steven Sommars said:
>>> The secure time transfer of NTS was designed to avoid
>> amplification attacks.
>
> Uh, no.
Yes, it was.
As Steven said, “The secure time transfer of NTS was designed to
avoid amplification attacks”. I would even say - to make it
impossible to use for amplification attacks.
> If you understand what's going on from the perspective of both the
> client and the server and think about the various cases, I think you'll
> see what I mean.
Hopefully, no-one exposes mode 6 or mode 7 on the internet anymore
at least not unauthenticated, and at least not the commands that are
not safe from amplification attacks. Those just can not be allowed
to be used anonymously.
> NTS is a task-specific hammer.
Yes.
Ragnar
More information about the NANOG
mailing list